26/9/2019 -- 09:12:25 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 09:12:25 - - [ERRCODE: SC_WARN_EVE_MISSING_EVENTS(318)] - eve.stats will not display all decoder events correctly. See #2225. Set a prefix in stats.decoder-events-prefix. In 5.0 the prefix will default to 'decoder.event'.
26/9/2019 -- 09:12:46 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 09:17:10 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 09:17:31 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 09:41:20 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 09:41:40 - - all 1 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 09:41:46 - - Signal Received. Stopping engine.
26/9/2019 -- 09:41:47 - - Stats for 'eno4': pkts: 0, drop: 0 (-nan%), invalid chksum: 0
26/9/2019 -- 09:42:53 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 09:43:13 - - all 1 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 12:59:06 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 12:59:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 13:02:43 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 13:03:04 - - all 1 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 13:03:50 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 13:04:11 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 13:04:14 - - Signal Received. Stopping engine.
26/9/2019 -- 13:04:15 - - Stats for 'eno4': pkts: 0, drop: 0 (-nan%), invalid chksum: 0
26/9/2019 -- 13:04:15 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 13:04:36 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 13:54:51 - - Signal Received. Stopping engine.
26/9/2019 -- 13:54:53 - - Stats for 'eno4': pkts: 0, drop: 0 (-nan%), invalid chksum: 0
26/9/2019 -- 14:03:18 - - This is Suricata version 4.1.5 RELEASE
26/9/2019 -- 14:03:39 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/9/2019 -- 14:11:34 - - Signal Received. Stopping engine.
26/9/2019 -- 14:11:36 - - Stats for 'eno4': pkts: 26, drop: 0 (0.00%), invalid chksum: 0
4/10/2019 -- 12:38:19 - - This is Suricata version 4.1.5 RELEASE
4/10/2019 -- 12:38:42 - - all 12 packet processing threads, 2 management threads initialized, engine started.
4/10/2019 -- 21:00:16 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
4/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
4/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 5027306896, drop: 1522866493 (30.29%), invalid chksum: 2
4/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
4/10/2019 -- 22:00:25 - - all 12 packet processing threads, 2 management threads initialized, engine started.
5/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
5/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 12380370163, drop: 2968383826 (23.98%), invalid chksum: 0
5/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
5/10/2019 -- 22:00:25 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
6/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11875585505, drop: 3353981904 (28.24%), invalid chksum: 12
6/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
6/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
7/10/2019 -- 21:00:21 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
7/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
7/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11311863813, drop: 3687138529 (32.60%), invalid chksum: 3
7/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
7/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
8/10/2019 -- 21:00:46 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
8/10/2019 -- 22:00:01 - - This is Suricata version 4.1.5 RELEASE
8/10/2019 -- 22:00:23 - - all 12 packet processing threads, 2 management threads initialized, engine started.
9/10/2019 -- 21:00:53 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
9/10/2019 -- 22:00:01 - - This is Suricata version 4.1.5 RELEASE
9/10/2019 -- 22:00:23 - - all 12 packet processing threads, 2 management threads initialized, engine started.
10/10/2019 -- 21:01:05 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
10/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
10/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11549994197, drop: 5103395735 (44.19%), invalid chksum: 17
10/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
10/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
11/10/2019 -- 21:00:41 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
11/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
11/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 12079457572, drop: 4384667608 (36.30%), invalid chksum: 5
11/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
11/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
12/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
12/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11227808490, drop: 3229984047 (28.77%), invalid chksum: 0
12/10/2019 -- 22:00:06 - - This is Suricata version 4.1.5 RELEASE
12/10/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
13/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
13/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 11092891262, drop: 3356253700 (30.26%), invalid chksum: 1
13/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
13/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
14/10/2019 -- 09:22:30 - - This is Suricata version 4.1.5 RELEASE
14/10/2019 -- 09:22:52 - - all 12 packet processing threads, 2 management threads initialized, engine started.
14/10/2019 -- 21:01:13 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
14/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
14/10/2019 -- 22:00:02 - - Stats for 'eno4': pkts: 5985639594, drop: 622467499 (10.40%), invalid chksum: 1
14/10/2019 -- 22:00:02 - - This is Suricata version 4.1.5 RELEASE
14/10/2019 -- 22:00:25 - - all 12 packet processing threads, 2 management threads initialized, engine started.
15/10/2019 -- 21:00:42 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
15/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
15/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11507029174, drop: 3063845719 (26.63%), invalid chksum: 1
15/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
15/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
16/10/2019 -- 21:00:55 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
16/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
16/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11290605317, drop: 2597439308 (23.01%), invalid chksum: 7
16/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
16/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
17/10/2019 -- 21:00:42 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
17/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
17/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11807332106, drop: 3377176236 (28.60%), invalid chksum: 10
17/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
17/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
18/10/2019 -- 21:01:42 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
18/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
18/10/2019 -- 22:00:06 - - Stats for 'eno4': pkts: 11506708918, drop: 2397145919 (20.83%), invalid chksum: 7
18/10/2019 -- 22:00:06 - - This is Suricata version 4.1.5 RELEASE
18/10/2019 -- 22:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
19/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
19/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 11249553431, drop: 3598911314 (31.99%), invalid chksum: 5
19/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
19/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
20/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
20/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 11206611253, drop: 3894378255 (34.75%), invalid chksum: 4
20/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
20/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
21/10/2019 -- 21:01:11 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
21/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
21/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11597102003, drop: 2865793488 (24.71%), invalid chksum: 46
21/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
21/10/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
22/10/2019 -- 21:00:37 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
22/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
22/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11636490792, drop: 3635110694 (31.24%), invalid chksum: 1
22/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
22/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
23/10/2019 -- 21:01:11 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
23/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
23/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11507047964, drop: 3207352916 (27.87%), invalid chksum: 116
23/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
23/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
24/10/2019 -- 21:00:28 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
24/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
24/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 12314575067, drop: 3112931072 (25.28%), invalid chksum: 2
24/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
24/10/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
25/10/2019 -- 21:00:46 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
25/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
25/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 12381782213, drop: 4405901063 (35.58%), invalid chksum: 12
25/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
25/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
26/10/2019 -- 22:00:03 - - Stats for 'eno4': pkts: 12500955611, drop: 5166390191 (41.33%), invalid chksum: 5
26/10/2019 -- 22:00:03 - - This is Suricata version 4.1.5 RELEASE
26/10/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
27/10/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 12162648020, drop: 2841086536 (23.36%), invalid chksum: 1
27/10/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
27/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/10/2019 -- 21:00:57 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
28/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
28/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 12331964377, drop: 2508456854 (20.34%), invalid chksum: 2
28/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
28/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/10/2019 -- 21:00:45 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
29/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
29/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 12670044472, drop: 2879767465 (22.73%), invalid chksum: 6
29/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
29/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
30/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
30/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 12425437131, drop: 3463977232 (27.88%), invalid chksum: 6
30/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
30/10/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
31/10/2019 -- 21:00:49 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
31/10/2019 -- 22:00:01 - - Signal Received. Stopping engine.
31/10/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 11233211850, drop: 1830282520 (16.29%), invalid chksum: 9
31/10/2019 -- 22:00:05 - - This is Suricata version 4.1.5 RELEASE
31/10/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
1/11/2019 -- 21:00:25 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
1/11/2019 -- 22:00:01 - - Signal Received. Stopping engine.
1/11/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 11218406373, drop: 4337506331 (38.66%), invalid chksum: 1
1/11/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
1/11/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
2/11/2019 -- 22:00:01 - - Signal Received. Stopping engine.
2/11/2019 -- 22:00:07 - - Stats for 'eno4': pkts: 11194925476, drop: 3737045927 (33.38%), invalid chksum: 10
2/11/2019 -- 22:00:07 - - This is Suricata version 4.1.5 RELEASE
2/11/2019 -- 22:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
3/11/2019 -- 22:00:01 - - Signal Received. Stopping engine.
3/11/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 13135770520, drop: 4649198012 (35.39%), invalid chksum: 0
3/11/2019 -- 22:00:04 - - This is Suricata version 4.1.5 RELEASE
3/11/2019 -- 22:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
4/11/2019 -- 21:00:23 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
4/11/2019 -- 22:00:01 - - This is Suricata version 4.1.5 RELEASE
4/11/2019 -- 22:00:23 - - all 12 packet processing threads, 2 management threads initialized, engine started.
5/11/2019 -- 21:00:46 - - [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
5/11/2019 -- 22:00:01 - - Signal Received. Stopping engine.
5/11/2019 -- 22:00:07 - - Stats for 'eno4': pkts: 28186544814, drop: 12283482502 (43.58%), invalid chksum: 20
5/11/2019 -- 22:00:07 - - This is Suricata version 4.1.5 RELEASE
5/11/2019 -- 22:00:30 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 14:54:34 - - This is Suricata version 4.1.5 RELEASE
6/11/2019 -- 14:54:57 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 14:58:08 - - This is Suricata version 4.1.5 RELEASE
6/11/2019 -- 14:58:40 - - all 1 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 15:00:35 - - This is Suricata version 4.1.5 RELEASE
6/11/2019 -- 15:00:57 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 15:02:15 - - Signal Received. Stopping engine.
6/11/2019 -- 15:02:16 - - Stats for 'eno4': pkts: 27488499, drop: 6671865 (24.27%), invalid chksum: 0
6/11/2019 -- 15:02:33 - - This is Suricata version 4.1.5 RELEASE
6/11/2019 -- 15:02:55 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 15:20:37 - - Signal Received. Stopping engine.
6/11/2019 -- 15:20:38 - - Stats for 'eno4': pkts: 352620525, drop: 69734898 (19.78%), invalid chksum: 0
6/11/2019 -- 15:21:38 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
6/11/2019 -- 15:21:38 - - CPUs/cores online: 12
6/11/2019 -- 15:21:38 - - eve-log output device (regular) initialized: eve.json
6/11/2019 -- 15:21:38 - - Running in live mode, activating unix socket
6/11/2019 -- 15:21:45 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
6/11/2019 -- 15:21:45 - - Threshold config parsed: 0 rule(s) found
6/11/2019 -- 15:21:45 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
6/11/2019 -- 15:22:03 - - Going to use 12 thread(s)
6/11/2019 -- 15:22:03 - - Running in live mode, activating unix socket
6/11/2019 -- 15:22:03 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
6/11/2019 -- 15:22:03 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 15:22:03 - - All AFP capture threads are running.
6/11/2019 -- 15:26:15 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:8 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
6/11/2019 -- 15:26:16 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
6/11/2019 -- 15:26:16 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 186
6/11/2019 -- 15:26:20 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
6/11/2019 -- 15:26:20 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 10197
6/11/2019 -- 15:26:25 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
6/11/2019 -- 21:00:50 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:8 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
6/11/2019 -- 21:00:50 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
6/11/2019 -- 21:00:50 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 186
6/11/2019 -- 21:00:53 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
6/11/2019 -- 21:00:53 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 10198
6/11/2019 -- 21:00:58 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
6/11/2019 -- 22:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
6/11/2019 -- 22:00:01 - - CPUs/cores online: 12
6/11/2019 -- 22:00:01 - - eve-log output device (regular) initialized: eve.json
6/11/2019 -- 22:00:01 - - Running in live mode, activating unix socket
6/11/2019 -- 22:00:08 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
6/11/2019 -- 22:00:08 - - Threshold config parsed: 0 rule(s) found
6/11/2019 -- 22:00:08 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
6/11/2019 -- 22:00:26 - - Going to use 12 thread(s)
6/11/2019 -- 22:00:26 - - Running in live mode, activating unix socket
6/11/2019 -- 22:00:26 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
6/11/2019 -- 22:00:26 - - all 12 packet processing threads, 2 management threads initialized, engine started.
6/11/2019 -- 22:00:26 - - All AFP capture threads are running.
7/11/2019 -- 07:20:20 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
7/11/2019 -- 07:20:20 - - CPUs/cores online: 12
7/11/2019 -- 07:20:20 - - eve-log output device (regular) initialized: eve.json
7/11/2019 -- 07:20:20 - - Running in live mode, activating unix socket
7/11/2019 -- 07:20:27 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
7/11/2019 -- 07:20:28 - - Threshold config parsed: 0 rule(s) found
7/11/2019 -- 07:20:28 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
7/11/2019 -- 07:20:45 - - Going to use 12 thread(s)
7/11/2019 -- 07:20:45 - - Running in live mode, activating unix socket
7/11/2019 -- 07:20:45 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
7/11/2019 -- 07:20:45 - - Created socket directory /var/run/suricata/
7/11/2019 -- 07:20:45 - - all 12 packet processing threads, 2 management threads initialized, engine started.
7/11/2019 -- 07:20:45 - - All AFP capture threads are running.
7/11/2019 -- 13:53:56 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:8 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
7/11/2019 -- 13:53:56 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
7/11/2019 -- 13:53:56 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 186
7/11/2019 -- 13:54:00 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
7/11/2019 -- 13:54:00 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 10213
7/11/2019 -- 13:54:06 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
7/11/2019 -- 13:59:22 - - Signal Received. Stopping engine.
7/11/2019 -- 13:59:22 - - time elapsed 23917.387s
7/11/2019 -- 13:59:29 - - Alerts: 0
7/11/2019 -- 13:59:33 - - cleaning up signature grouping structure... complete
7/11/2019 -- 13:59:33 - - Stats for 'eno4': pkts: 7900469430, drop: 1844773668 (23.35%), invalid chksum: 371
7/11/2019 -- 14:00:07 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
7/11/2019 -- 14:00:07 - - CPUs/cores online: 12
7/11/2019 -- 14:00:07 - - eve-log output device (regular) initialized: eve.json
7/11/2019 -- 14:00:07 - - Running in live mode, activating unix socket
7/11/2019 -- 14:00:14 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
7/11/2019 -- 14:00:14 - - Threshold config parsed: 0 rule(s) found
7/11/2019 -- 14:00:14 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
7/11/2019 -- 14:00:32 - - Going to use 12 thread(s)
7/11/2019 -- 14:00:32 - - Running in live mode, activating unix socket
7/11/2019 -- 14:00:32 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
7/11/2019 -- 14:00:32 - - all 12 packet processing threads, 2 management threads initialized, engine started.
7/11/2019 -- 14:00:32 - - All AFP capture threads are running.
7/11/2019 -- 14:10:16 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:9 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
7/11/2019 -- 14:10:16 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
7/11/2019 -- 14:10:16 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 191
7/11/2019 -- 14:10:21 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
7/11/2019 -- 14:10:21 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 10353
7/11/2019 -- 14:10:27 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
7/11/2019 -- 14:20:29 - - Signal Received. Stopping engine.
7/11/2019 -- 14:20:29 - - time elapsed 1197.451s
7/11/2019 -- 14:20:31 - - Alerts: 0
7/11/2019 -- 14:20:31 - - cleaning up signature grouping structure... complete
7/11/2019 -- 14:20:31 - - Stats for 'eno4': pkts: 380945736, drop: 73490120 (19.29%), invalid chksum: 0
7/11/2019 -- 14:20:31 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
7/11/2019 -- 14:20:31 - - CPUs/cores online: 12
7/11/2019 -- 14:20:31 - - eve-log output device (regular) initialized: eve.json
7/11/2019 -- 14:20:31 - - Running in live mode, activating unix socket
7/11/2019 -- 14:20:39 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
7/11/2019 -- 14:20:39 - - Threshold config parsed: 0 rule(s) found
7/11/2019 -- 14:20:39 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
7/11/2019 -- 14:20:56 - - Going to use 12 thread(s)
7/11/2019 -- 14:20:56 - - Running in live mode, activating unix socket
7/11/2019 -- 14:20:56 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
7/11/2019 -- 14:20:56 - - all 12 packet processing threads, 2 management threads initialized, engine started.
7/11/2019 -- 14:20:57 - - All AFP capture threads are running.
7/11/2019 -- 14:23:15 - - Signal Received. Stopping engine.
7/11/2019 -- 14:23:15 - - time elapsed 138.962s
7/11/2019 -- 14:23:16 - - Alerts: 0
7/11/2019 -- 14:23:16 - - cleaning up signature grouping structure... complete
7/11/2019 -- 14:23:16 - - Stats for 'eno4': pkts: 39811595, drop: 7042277 (17.69%), invalid chksum: 0
7/11/2019 -- 14:23:49 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
7/11/2019 -- 14:23:49 - - CPUs/cores online: 12
7/11/2019 -- 14:23:49 - - eve-log output device (regular) initialized: eve.json
7/11/2019 -- 14:23:49 - - Running in live mode, activating unix socket
7/11/2019 -- 14:23:56 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
7/11/2019 -- 14:23:56 - - Threshold config parsed: 0 rule(s) found
7/11/2019 -- 14:23:56 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
7/11/2019 -- 14:24:14 - - Going to use 12 thread(s)
7/11/2019 -- 14:24:14 - - Running in live mode, activating unix socket
7/11/2019 -- 14:24:14 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
7/11/2019 -- 14:24:14 - - all 12 packet processing threads, 2 management threads initialized, engine started.
7/11/2019 -- 14:24:14 - - All AFP capture threads are running.
7/11/2019 -- 21:00:51 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
7/11/2019 -- 21:00:51 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
7/11/2019 -- 21:00:51 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217
7/11/2019 -- 21:00:55 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
7/11/2019 -- 21:00:55 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11499
7/11/2019 -- 21:01:02 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
8/11/2019 -- 08:27:57 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
8/11/2019 -- 08:27:57 - - CPUs/cores online: 12
8/11/2019 -- 08:27:57 - - eve-log output device (regular) initialized: eve.json
8/11/2019 -- 08:27:57 - - Running in live mode, activating unix socket
8/11/2019 -- 08:28:04 - - 1 rule files processed. 20229 rules successfully loaded, 0 rules failed
8/11/2019 -- 08:28:04 - - Threshold config parsed: 0 rule(s) found
8/11/2019 -- 08:28:04 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only
8/11/2019 -- 08:28:22 - - Going to use 12 thread(s)
8/11/2019 -- 08:28:23 - - Running in live mode, activating unix socket
8/11/2019 -- 08:28:23 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
8/11/2019 -- 08:28:23 - - all 12 packet processing threads, 2 management threads initialized, engine started.
8/11/2019 -- 08:28:23 - - All AFP capture threads are running.
8/11/2019 -- 21:00:44 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype
8/11/2019 -- 21:00:44 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
8/11/2019 -- 21:00:44 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217
8/11/2019 -- 21:00:46 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
8/11/2019 -- 21:00:46 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11500
8/11/2019 -- 21:00:51 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
9/11/2019 -- 21:00:19 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3.
This message won't be shown again for this classtype 9/11/2019 -- 21:00:19 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 9/11/2019 -- 21:00:19 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 9/11/2019 -- 21:00:22 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 9/11/2019 -- 21:00:22 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11501 9/11/2019 -- 21:00:26 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed. 10/11/2019 -- 21:00:16 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 10/11/2019 -- 21:00:16 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 10/11/2019 -- 21:00:16 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 10/11/2019 -- 21:00:19 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 10/11/2019 -- 21:00:19 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11501 10/11/2019 -- 21:00:23 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed. 11/11/2019 -- 07:29:37 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 11/11/2019 -- 07:29:37 - - CPUs/cores online: 12 11/11/2019 -- 07:29:37 - - eve-log output device (regular) initialized: eve.json 11/11/2019 -- 07:29:37 - - Running in live mode, activating unix socket 11/11/2019 -- 07:29:44 - - 1 rule files processed. 
20229 rules successfully loaded, 0 rules failed 11/11/2019 -- 07:29:44 - - Threshold config parsed: 0 rule(s) found 11/11/2019 -- 07:29:45 - - 20232 signatures processed. 1044 are IP-only rules, 4813 are inspecting packet payload, 14319 inspect application layer, 0 are decoder event only 11/11/2019 -- 07:30:02 - - Going to use 12 thread(s) 11/11/2019 -- 07:30:02 - - Running in live mode, activating unix socket 11/11/2019 -- 07:30:02 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 11/11/2019 -- 07:30:02 - - all 12 packet processing threads, 2 management threads initialized, engine started. 11/11/2019 -- 07:30:03 - - All AFP capture threads are running. 11/11/2019 -- 07:31:51 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype 11/11/2019 -- 07:31:51 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 11/11/2019 -- 07:31:51 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 11/11/2019 -- 07:31:55 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 11/11/2019 -- 07:31:55 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; 
classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11501 11/11/2019 -- 07:32:01 - - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed. 12/11/2019 -- 12:25:50 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 12/11/2019 -- 12:25:50 - - CPUs/cores online: 12 12/11/2019 -- 12:25:50 - - eve-log output device (regular) initialized: eve.json 12/11/2019 -- 12:25:50 - - Running in live mode, activating unix socket 12/11/2019 -- 12:25:50 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype 12/11/2019 -- 12:25:50 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 12/11/2019 -- 12:25:50 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 12/11/2019 -- 12:25:53 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 12/11/2019 -- 12:25:53 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: 
former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11506 12/11/2019 -- 12:25:58 - - 1 rule files processed. 23579 rules successfully loaded, 121 rules failed 12/11/2019 -- 12:25:58 - - Threshold config parsed: 0 rule(s) found 12/11/2019 -- 12:25:58 - - 23583 signatures processed. 1053 are IP-only rules, 5087 are inspecting packet payload, 17347 inspect application layer, 0 are decoder event only 12/11/2019 -- 12:26:16 - - Going to use 12 thread(s) 12/11/2019 -- 12:26:16 - - Running in live mode, activating unix socket 12/11/2019 -- 12:26:16 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 12/11/2019 -- 12:26:16 - - all 12 packet processing threads, 2 management threads initialized, engine started. 12/11/2019 -- 12:26:17 - - All AFP capture threads are running. 14/11/2019 -- 07:52:55 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 14/11/2019 -- 07:52:55 - - CPUs/cores online: 12 14/11/2019 -- 07:52:55 - - eve-log output device (regular) initialized: eve.json 14/11/2019 -- 07:52:55 - - Running in live mode, activating unix socket 14/11/2019 -- 07:52:55 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 14/11/2019 -- 07:52:55 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 14/11/2019 -- 07:52:55 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 14/11/2019 -- 07:52:58 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 14/11/2019 -- 07:52:58 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11506 14/11/2019 -- 07:53:02 - - 1 rule files processed. 23579 rules successfully loaded, 121 rules failed 14/11/2019 -- 07:53:02 - - Threshold config parsed: 0 rule(s) found 14/11/2019 -- 07:53:03 - - 23583 signatures processed. 
1053 are IP-only rules, 5087 are inspecting packet payload, 17347 inspect application layer, 0 are decoder event only 14/11/2019 -- 07:53:21 - - Going to use 12 thread(s) 14/11/2019 -- 07:53:21 - - Running in live mode, activating unix socket 14/11/2019 -- 07:53:21 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 14/11/2019 -- 07:53:21 - - all 12 packet processing threads, 2 management threads initialized, engine started. 14/11/2019 -- 07:53:21 - - Signal Received. Stopping engine. 14/11/2019 -- 07:53:21 - - All AFP capture threads are running. 14/11/2019 -- 07:53:21 - - time elapsed 0.208s 14/11/2019 -- 07:53:21 - - Alerts: 0 14/11/2019 -- 07:53:22 - - cleaning up signature grouping structure... complete 14/11/2019 -- 07:53:22 - - Stats for 'eno4': pkts: 159683, drop: 156865 (98.24%), invalid chksum: 0 14/11/2019 -- 07:53:30 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 14/11/2019 -- 07:53:30 - - CPUs/cores online: 12 14/11/2019 -- 07:53:30 - - eve-log output device (regular) initialized: eve.json 14/11/2019 -- 07:53:30 - - Running in live mode, activating unix socket 14/11/2019 -- 07:53:30 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 14/11/2019 -- 07:53:30 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 14/11/2019 -- 07:53:30 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 14/11/2019 -- 07:53:33 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 14/11/2019 -- 07:53:33 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11506 14/11/2019 -- 07:53:38 - - 1 rule files processed. 23579 rules successfully loaded, 121 rules failed 14/11/2019 -- 07:53:38 - - Threshold config parsed: 0 rule(s) found 14/11/2019 -- 07:53:38 - - 23583 signatures processed. 
1053 are IP-only rules, 5087 are inspecting packet payload, 17347 inspect application layer, 0 are decoder event only 14/11/2019 -- 07:53:57 - - Going to use 12 thread(s) 14/11/2019 -- 07:53:57 - - Running in live mode, activating unix socket 14/11/2019 -- 07:53:57 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 14/11/2019 -- 07:53:57 - - all 12 packet processing threads, 2 management threads initialized, engine started. 14/11/2019 -- 07:53:57 - - All AFP capture threads are running. 15/11/2019 -- 07:54:23 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 07:54:23 - - CPUs/cores online: 12 15/11/2019 -- 07:54:23 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 07:54:23 - - Running in live mode, activating unix socket 15/11/2019 -- 07:54:23 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype 15/11/2019 -- 07:54:23 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 07:54:23 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 07:54:26 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 07:54:26 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; 
content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 07:54:30 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 07:54:30 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 07:54:31 - - 23603 signatures processed. 1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 07:54:49 - - Going to use 12 thread(s) 15/11/2019 -- 07:54:49 - - Running in live mode, activating unix socket 15/11/2019 -- 07:54:49 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 07:54:49 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 07:54:49 - - All AFP capture threads are running. 15/11/2019 -- 08:09:57 - - Signal Received. Stopping engine. 15/11/2019 -- 08:09:58 - - time elapsed 909.302s 15/11/2019 -- 08:09:59 - - Alerts: 0 15/11/2019 -- 08:10:00 - - cleaning up signature grouping structure... 
complete 15/11/2019 -- 08:10:00 - - Stats for 'eno4': pkts: 311728971, drop: 97755791 (31.36%), invalid chksum: 0 15/11/2019 -- 08:10:06 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 08:10:06 - - CPUs/cores online: 12 15/11/2019 -- 08:10:06 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - JA3 is disabled, skipping fields 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_WARN_DUPLICATE_OUTPUT(296)] - Both 'certificate' and 'chain' contains the top certificate, so only one of them should be enabled at a time 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_WARN_DUPLICATE_OUTPUT(296)] - Both 'certificate' and 'chain' contains the top certificate, so only one of them should be enabled at a time 15/11/2019 -- 08:10:06 - - Running in live mode, activating unix socket 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 08:10:06 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 08:10:09 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 08:10:09 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 08:10:13 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 08:10:13 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 08:10:14 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 08:10:32 - - Going to use 12 thread(s) 15/11/2019 -- 08:10:32 - - Running in live mode, activating unix socket 15/11/2019 -- 08:10:32 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 08:10:32 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 08:10:32 - - All AFP capture threads are running. 15/11/2019 -- 08:10:47 - - Signal Received. Stopping engine. 15/11/2019 -- 08:10:48 - - time elapsed 15.621s 15/11/2019 -- 08:10:48 - - Alerts: 0 15/11/2019 -- 08:10:48 - - cleaning up signature grouping structure... complete 15/11/2019 -- 08:10:48 - - Stats for 'eno4': pkts: 3956510, drop: 518792 (13.11%), invalid chksum: 0 15/11/2019 -- 08:16:50 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 08:16:50 - - CPUs/cores online: 12 15/11/2019 -- 08:16:50 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 08:16:50 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 08:16:50 - - Running in live mode, activating unix socket 15/11/2019 -- 08:16:50 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 08:16:50 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 08:16:50 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 08:16:53 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 08:16:53 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 08:16:57 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 08:16:57 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 08:16:57 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 08:17:15 - - Going to use 12 thread(s) 15/11/2019 -- 08:17:15 - - Running in live mode, activating unix socket 15/11/2019 -- 08:17:15 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 08:17:15 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 08:17:16 - - All AFP capture threads are running. 15/11/2019 -- 10:26:23 - - Signal Received. Stopping engine. 15/11/2019 -- 10:26:23 - - time elapsed 7748.107s 15/11/2019 -- 10:26:28 - - Alerts: 0 15/11/2019 -- 10:26:29 - - cleaning up signature grouping structure... complete 15/11/2019 -- 10:26:29 - - Stats for 'eno4': pkts: 2678519054, drop: 882103332 (32.93%), invalid chksum: 5 15/11/2019 -- 10:26:47 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:26:47 - - CPUs/cores online: 12 15/11/2019 -- 10:26:47 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:26:47 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:26:47 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:26:47 - - forcing magic lookup for stored files 15/11/2019 -- 10:26:47 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:26:47 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:26:47 - - Running in live mode, activating unix socket 15/11/2019 -- 10:26:47 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:26:47 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:26:47 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:26:50 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:26:50 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:26:54 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:26:54 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:26:55 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:27:13 - - Going to use 12 thread(s) 15/11/2019 -- 10:27:13 - - Running in live mode, activating unix socket 15/11/2019 -- 10:27:13 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:27:13 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 10:27:13 - - All AFP capture threads are running. 15/11/2019 -- 10:33:05 - - Signal Received. Stopping engine. 15/11/2019 -- 10:33:07 - - time elapsed 353.911s 15/11/2019 -- 10:33:07 - - (W#01-eno4) Files extracted 0 15/11/2019 -- 10:33:07 - - (W#02-eno4) Files extracted 0 15/11/2019 -- 10:33:07 - - (W#03-eno4) Files extracted 0 15/11/2019 -- 10:33:07 - - (W#04-eno4) Files extracted 0 15/11/2019 -- 10:33:07 - - (W#05-eno4) Files extracted 0 15/11/2019 -- 10:33:07 - - (W#06-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#07-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#08-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#09-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#10-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#11-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - (W#12-eno4) Files extracted 0 15/11/2019 -- 10:33:08 - - Alerts: 0 15/11/2019 -- 10:33:08 - - cleaning up signature grouping structure... 
complete 15/11/2019 -- 10:33:08 - - Stats for 'eno4': pkts: 129455466, drop: 44975847 (34.74%), invalid chksum: 0 15/11/2019 -- 10:33:58 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:33:58 - - CPUs/cores online: 12 15/11/2019 -- 10:33:58 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:33:59 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:33:59 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:33:59 - - forcing magic lookup for stored files 15/11/2019 -- 10:33:59 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:33:59 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:33:59 - - Running in live mode, activating unix socket 15/11/2019 -- 10:33:59 - - Running in live mode, activating unix socket 15/11/2019 -- 10:33:59 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:33:59 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:33:59 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:34:02 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:34:02 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:34:06 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:34:06 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:34:06 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:34:24 - - Going to use 12 thread(s) 15/11/2019 -- 10:34:24 - - Running in live mode, activating unix socket 15/11/2019 -- 10:34:24 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:34:24 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:34:25 - - All AFP capture threads are running. 15/11/2019 -- 10:34:54 - - Signal Received. Stopping engine. 15/11/2019 -- 10:34:55 - - time elapsed 30.558s 15/11/2019 -- 10:34:55 - - (W#01-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#02-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#03-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#04-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#05-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#06-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#07-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#08-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#09-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#10-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#11-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - (W#12-eno4) Files extracted 0 15/11/2019 -- 10:34:55 - - Alerts: 137 15/11/2019 -- 10:34:56 - - cleaning up signature grouping structure... 
complete 15/11/2019 -- 10:34:56 - - Stats for 'eno4': pkts: 9039507, drop: 1327672 (14.69%), invalid chksum: 0 15/11/2019 -- 10:35:37 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:35:37 - - CPUs/cores online: 12 15/11/2019 -- 10:35:37 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:35:37 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:35:37 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:35:37 - - forcing magic lookup for stored files 15/11/2019 -- 10:35:37 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:35:37 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:35:37 - - Running in live mode, activating unix socket 15/11/2019 -- 10:35:37 - - Running in live mode, activating unix socket 15/11/2019 -- 10:35:37 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:35:37 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:35:37 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:35:40 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:35:40 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:35:44 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:35:44 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:35:44 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:36:03 - - Going to use 12 thread(s) 15/11/2019 -- 10:36:03 - - Running in live mode, activating unix socket 15/11/2019 -- 10:36:03 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:36:03 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:36:03 - - All AFP capture threads are running. 15/11/2019 -- 10:36:33 - - Signal Received. Stopping engine. 15/11/2019 -- 10:36:34 - - time elapsed 31.043s 15/11/2019 -- 10:36:34 - - (W#01-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#02-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#03-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#04-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#05-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#06-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#07-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#08-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#09-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#10-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#11-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - (W#12-eno4) Files extracted 0 15/11/2019 -- 10:36:34 - - Alerts: 149 15/11/2019 -- 10:36:35 - - cleaning up signature grouping structure... 
complete 15/11/2019 -- 10:36:35 - - Stats for 'eno4': pkts: 13492082, drop: 7107714 (52.68%), invalid chksum: 0 15/11/2019 -- 10:38:10 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:38:10 - - CPUs/cores online: 12 15/11/2019 -- 10:38:10 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:38:10 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:38:10 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:38:10 - - forcing magic lookup for stored files 15/11/2019 -- 10:38:10 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:38:10 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:38:10 - - Running in live mode, activating unix socket 15/11/2019 -- 10:38:10 - - Running in live mode, activating unix socket 15/11/2019 -- 10:38:10 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:38:10 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:38:10 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:38:13 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:38:13 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:38:17 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:38:17 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:38:18 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:38:36 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device 15/11/2019 -- 10:38:36 - - Going to use 12 thread(s) 15/11/2019 -- 10:38:36 - - Running in live mode, activating unix socket 15/11/2019 -- 10:38:36 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:38:36 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:38:36 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device 15/11/2019 -- 10:38:36 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 15/11/2019 -- 10:38:36 - - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed 15/11/2019 -- 10:39:08 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:39:08 - - CPUs/cores online: 12 15/11/2019 -- 10:39:08 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:39:08 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:39:08 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:39:08 - - forcing magic lookup for stored files 15/11/2019 -- 10:39:08 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:39:08 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:39:08 - - Running in live mode, activating unix socket 15/11/2019 -- 10:39:08 - - Running in live mode, activating unix socket 15/11/2019 -- 10:39:08 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:39:08 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:39:08 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:39:11 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:39:11 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:39:15 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:39:15 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:39:16 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:39:34 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find type for iface "eth0": No such device 15/11/2019 -- 10:39:34 - - Going to use 12 thread(s) 15/11/2019 -- 10:39:34 - - Running in live mode, activating unix socket 15/11/2019 -- 10:39:34 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:39:34 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:39:34 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Unable to find iface eth0: No such device 15/11/2019 -- 10:39:34 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 15/11/2019 -- 10:39:34 - - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-eth0 failed 15/11/2019 -- 10:39:52 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:39:52 - - CPUs/cores online: 12 15/11/2019 -- 10:39:52 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:39:52 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:39:52 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:39:52 - - forcing magic lookup for stored files 15/11/2019 -- 10:39:52 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:39:52 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:39:52 - - Running in live mode, activating unix socket 15/11/2019 -- 10:39:52 - - Running in live mode, activating unix socket 15/11/2019 -- 10:39:52 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:39:52 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:39:52 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:39:55 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:39:55 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:40:00 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:40:00 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:40:00 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:40:18 - - Going to use 12 thread(s) 15/11/2019 -- 10:40:18 - - Running in live mode, activating unix socket 15/11/2019 -- 10:40:18 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:40:18 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:40:19 - - All AFP capture threads are running. 15/11/2019 -- 10:46:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 10:46:01 - - CPUs/cores online: 12 15/11/2019 -- 10:46:01 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 10:46:02 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 10:46:02 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 10:46:02 - - forcing magic lookup for stored files 15/11/2019 -- 10:46:02 - - md5 calculation requires linking against libnss 15/11/2019 -- 10:46:02 - - storing files in /var/log/suricata//files 15/11/2019 -- 10:46:02 - - Running in live mode, activating unix socket 15/11/2019 -- 10:46:02 - - Running in live mode, activating unix socket 15/11/2019 -- 10:46:02 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. 
This message won't be shown again for this classtype 15/11/2019 -- 10:46:02 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled 15/11/2019 -- 10:46:02 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Dridex"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028766; rev:2; metadata:created_at 2019_10_14, updated_at 2019_10_29;)" from file /var/lib/suricata/rules/suricata.rules at line 217 15/11/2019 -- 10:46:04 - - [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled 15/11/2019 -- 10:46:04 - - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/rules/suricata.rules at line 11515 15/11/2019 -- 10:46:09 - - 1 rule files processed. 23599 rules successfully loaded, 121 rules failed 15/11/2019 -- 10:46:09 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 10:46:09 - - 23603 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17369 inspect application layer, 0 are decoder event only 15/11/2019 -- 10:46:27 - - Going to use 12 thread(s) 15/11/2019 -- 10:46:27 - - Running in live mode, activating unix socket 15/11/2019 -- 10:46:27 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 10:46:27 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 10:46:28 - - All AFP capture threads are running. 15/11/2019 -- 14:02:05 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 14:02:05 - - CPUs/cores online: 12 15/11/2019 -- 14:02:05 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 14:02:06 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 14:02:06 - - [ERRCODE: SC_WARN_DEPRECATED(203)] - File-store v1 has been deprecated and will be removed by June 2020. Please update to file-store v2. 15/11/2019 -- 14:02:06 - - forcing magic lookup for stored files 15/11/2019 -- 14:02:06 - - md5 calculation requires linking against libnss 15/11/2019 -- 14:02:06 - - storing files in /var/log/suricata//files 15/11/2019 -- 14:02:06 - - Running in live mode, activating unix socket 15/11/2019 -- 14:02:06 - - Running in live mode, activating unix socket 15/11/2019 -- 14:02:06 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype 15/11/2019 -- 14:02:13 - - 1 rule files processed. 23598 rules successfully loaded, 0 rules failed 15/11/2019 -- 14:02:13 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 14:02:13 - - 23602 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17368 inspect application layer, 0 are decoder event only 15/11/2019 -- 14:02:31 - - Going to use 12 thread(s) 15/11/2019 -- 14:02:32 - - Running in live mode, activating unix socket 15/11/2019 -- 14:02:32 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 14:02:32 - - all 12 packet processing threads, 4 management threads initialized, engine started. 15/11/2019 -- 14:02:32 - - All AFP capture threads are running. 15/11/2019 -- 14:08:05 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 14:08:05 - - CPUs/cores online: 12 15/11/2019 -- 14:08:05 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 14:08:05 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 14:08:05 - - stats output device (regular) initialized: stats.log 15/11/2019 -- 14:08:05 - - Running in live mode, activating unix socket 15/11/2019 -- 14:08:05 - - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - signature at /var/lib/suricata/rules/suricata.rules:10 uses unknown classtype: "command-and-control", using default priority 3. This message won't be shown again for this classtype 15/11/2019 -- 14:08:12 - - 1 rule files processed. 23598 rules successfully loaded, 0 rules failed 15/11/2019 -- 14:08:12 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 14:08:12 - - 23602 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17368 inspect application layer, 0 are decoder event only 15/11/2019 -- 14:14:10 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 14:14:10 - - CPUs/cores online: 12 15/11/2019 -- 14:14:10 - - [ERRCODE: SC_WARN_NO_JA3_SUPPORT(308)] - no MD5 calculation support built in (LibNSS), disabling JA3 15/11/2019 -- 14:14:10 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 14:14:10 - - stats output device (regular) initialized: stats.log 15/11/2019 -- 14:14:10 - - Running in live mode, activating unix socket 15/11/2019 -- 14:14:17 - - 1 rule files processed. 23598 rules successfully loaded, 0 rules failed 15/11/2019 -- 14:14:17 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 14:14:17 - - 23602 signatures processed. 1050 are IP-only rules, 5088 are inspecting packet payload, 17368 inspect application layer, 0 are decoder event only 15/11/2019 -- 14:14:35 - - Going to use 12 thread(s) 15/11/2019 -- 14:14:36 - - Running in live mode, activating unix socket 15/11/2019 -- 14:14:36 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 14:14:36 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 14:14:36 - - All AFP capture threads are running. 15/11/2019 -- 14:16:05 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 15/11/2019 -- 14:16:05 - - CPUs/cores online: 12 15/11/2019 -- 14:16:05 - - eve-log output device (regular) initialized: eve.json 15/11/2019 -- 14:16:05 - - stats output device (regular) initialized: stats.log 15/11/2019 -- 14:16:05 - - Running in live mode, activating unix socket 15/11/2019 -- 14:16:12 - - 1 rule files processed. 23598 rules successfully loaded, 0 rules failed 15/11/2019 -- 14:16:13 - - Threshold config parsed: 0 rule(s) found 15/11/2019 -- 14:16:13 - - 23602 signatures processed. 
1050 are IP-only rules, 5088 are inspecting packet payload, 17368 inspect application layer, 0 are decoder event only 15/11/2019 -- 14:16:31 - - Going to use 12 thread(s) 15/11/2019 -- 14:16:31 - - Running in live mode, activating unix socket 15/11/2019 -- 14:16:31 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 15/11/2019 -- 14:16:31 - - all 12 packet processing threads, 2 management threads initialized, engine started. 15/11/2019 -- 14:16:31 - - All AFP capture threads are running. 18/11/2019 -- 07:31:50 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 18/11/2019 -- 07:31:50 - - CPUs/cores online: 12 18/11/2019 -- 07:31:50 - - eve-log output device (regular) initialized: eve.json 18/11/2019 -- 07:31:50 - - stats output device (regular) initialized: stats.log 18/11/2019 -- 07:31:50 - - Running in live mode, activating unix socket 18/11/2019 -- 07:31:58 - - 1 rule files processed. 23598 rules successfully loaded, 0 rules failed 18/11/2019 -- 07:31:58 - - Threshold config parsed: 0 rule(s) found 18/11/2019 -- 07:31:58 - - 23602 signatures processed. 1050 are IP-only rules, 5088 are inspecting packet payload, 17368 inspect application layer, 0 are decoder event only 18/11/2019 -- 07:32:17 - - Going to use 12 thread(s) 18/11/2019 -- 07:32:17 - - Running in live mode, activating unix socket 18/11/2019 -- 07:32:17 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 18/11/2019 -- 07:32:17 - - all 12 packet processing threads, 2 management threads initialized, engine started. 18/11/2019 -- 07:32:17 - - All AFP capture threads are running. 
18/11/2019 -- 07:55:26 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 18/11/2019 -- 07:55:26 - - CPUs/cores online: 12 18/11/2019 -- 07:55:26 - - eve-log output device (regular) initialized: eve.json 18/11/2019 -- 07:55:26 - - stats output device (regular) initialized: stats.log 18/11/2019 -- 07:55:26 - - Running in live mode, activating unix socket 18/11/2019 -- 07:55:33 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed 18/11/2019 -- 07:55:33 - - Threshold config parsed: 0 rule(s) found 18/11/2019 -- 07:55:33 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only 18/11/2019 -- 07:55:51 - - Going to use 12 thread(s) 18/11/2019 -- 07:55:52 - - Running in live mode, activating unix socket 18/11/2019 -- 07:55:52 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 18/11/2019 -- 07:55:52 - - all 12 packet processing threads, 2 management threads initialized, engine started. 18/11/2019 -- 07:55:52 - - All AFP capture threads are running. 18/11/2019 -- 07:56:12 - - Signal Received. Stopping engine. 18/11/2019 -- 07:56:12 - - time elapsed 20.400s 18/11/2019 -- 07:56:12 - - Alerts: 0 18/11/2019 -- 07:56:13 - - cleaning up signature grouping structure... complete 18/11/2019 -- 07:56:13 - - Stats for 'eno4': pkts: 11794849, drop: 7417273 (62.89%), invalid chksum: 0 18/11/2019 -- 07:56:13 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 18/11/2019 -- 07:56:13 - - CPUs/cores online: 12 18/11/2019 -- 07:56:13 - - eve-log output device (regular) initialized: eve.json 18/11/2019 -- 07:56:13 - - stats output device (regular) initialized: stats.log 18/11/2019 -- 07:56:13 - - Running in live mode, activating unix socket 18/11/2019 -- 07:56:20 - - 1 rule files processed. 
23606 rules successfully loaded, 0 rules failed
18/11/2019 -- 07:56:20 - - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 07:56:20 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
18/11/2019 -- 07:56:38 - - Going to use 12 thread(s)
18/11/2019 -- 07:56:39 - - Running in live mode, activating unix socket
18/11/2019 -- 07:56:39 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
18/11/2019 -- 07:56:39 - - all 12 packet processing threads, 2 management threads initialized, engine started.
18/11/2019 -- 07:56:39 - - All AFP capture threads are running.
18/11/2019 -- 08:57:24 - - Signal Received. Stopping engine.
18/11/2019 -- 08:57:24 - - time elapsed 3645.749s
18/11/2019 -- 08:57:28 - - Alerts: 0
18/11/2019 -- 08:57:29 - - cleaning up signature grouping structure... complete
18/11/2019 -- 08:57:29 - - Stats for 'eno4': pkts: 1277687211, drop: 362287087 (28.35%), invalid chksum: 5
18/11/2019 -- 08:58:24 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
18/11/2019 -- 08:58:24 - - CPUs/cores online: 12
18/11/2019 -- 08:58:24 - - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 08:58:24 - - stats output device (regular) initialized: stats.log
18/11/2019 -- 08:58:24 - - Running in live mode, activating unix socket
18/11/2019 -- 08:58:32 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
18/11/2019 -- 08:58:32 - - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 08:58:32 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
18/11/2019 -- 08:58:50 - - Going to use 12 thread(s)
18/11/2019 -- 08:58:50 - - Running in live mode, activating unix socket
18/11/2019 -- 08:58:50 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
18/11/2019 -- 08:58:50 - - Created socket directory /var/run/suricata/
18/11/2019 -- 08:58:50 - - all 12 packet processing threads, 2 management threads initialized, engine started.
18/11/2019 -- 08:58:51 - - All AFP capture threads are running.
18/11/2019 -- 14:28:54 - - Signal Received. Stopping engine.
18/11/2019 -- 14:28:54 - - time elapsed 19803.717s
18/11/2019 -- 14:29:00 - - Alerts: 0
18/11/2019 -- 14:29:02 - - cleaning up signature grouping structure... complete
18/11/2019 -- 14:29:02 - - Stats for 'eno4': pkts: 6642434880, drop: 1822115283 (27.43%), invalid chksum: 4
18/11/2019 -- 14:29:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
18/11/2019 -- 14:29:02 - - CPUs/cores online: 12
18/11/2019 -- 14:29:02 - - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 14:29:02 - - stats output device (regular) initialized: stats.log
18/11/2019 -- 14:29:02 - - Running in live mode, activating unix socket
18/11/2019 -- 14:29:10 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
18/11/2019 -- 14:29:10 - - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 14:29:10 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
18/11/2019 -- 14:29:28 - - Going to use 12 thread(s)
18/11/2019 -- 14:29:28 - - Running in live mode, activating unix socket
18/11/2019 -- 14:29:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
18/11/2019 -- 14:29:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
18/11/2019 -- 14:29:29 - - All AFP capture threads are running.
19/11/2019 -- 07:38:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
19/11/2019 -- 07:38:02 - - CPUs/cores online: 12
19/11/2019 -- 07:38:02 - - eve-log output device (regular) initialized: eve.json
19/11/2019 -- 07:38:02 - - stats output device (regular) initialized: stats.log
19/11/2019 -- 07:38:02 - - Running in live mode, activating unix socket
19/11/2019 -- 07:38:10 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
19/11/2019 -- 07:38:10 - - Threshold config parsed: 0 rule(s) found
19/11/2019 -- 07:38:10 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
19/11/2019 -- 07:38:28 - - Going to use 12 thread(s)
19/11/2019 -- 07:38:28 - - Running in live mode, activating unix socket
19/11/2019 -- 07:38:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
19/11/2019 -- 07:38:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
19/11/2019 -- 07:38:29 - - All AFP capture threads are running.
19/11/2019 -- 07:39:38 - - Signal Received. Stopping engine.
19/11/2019 -- 07:39:38 - - time elapsed 69.685s
19/11/2019 -- 07:39:39 - - Alerts: 0
19/11/2019 -- 07:39:39 - - cleaning up signature grouping structure... complete
19/11/2019 -- 07:39:39 - - Stats for 'eno4': pkts: 20464682, drop: 3186408 (15.57%), invalid chksum: 0
19/11/2019 -- 07:39:39 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
19/11/2019 -- 07:39:39 - - CPUs/cores online: 12
19/11/2019 -- 07:39:39 - - eve-log output device (regular) initialized: eve.json
19/11/2019 -- 07:39:39 - - stats output device (regular) initialized: stats.log
19/11/2019 -- 07:39:39 - - Running in live mode, activating unix socket
19/11/2019 -- 07:39:46 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
19/11/2019 -- 07:39:46 - - Threshold config parsed: 0 rule(s) found
19/11/2019 -- 07:39:47 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
19/11/2019 -- 07:40:05 - - Going to use 12 thread(s)
19/11/2019 -- 07:40:05 - - Running in live mode, activating unix socket
19/11/2019 -- 07:40:05 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
19/11/2019 -- 07:40:05 - - all 12 packet processing threads, 2 management threads initialized, engine started.
19/11/2019 -- 07:40:05 - - All AFP capture threads are running.
19/11/2019 -- 07:44:13 - - Signal Received. Stopping engine.
19/11/2019 -- 07:44:14 - - time elapsed 249.206s
19/11/2019 -- 07:44:15 - - Alerts: 0
19/11/2019 -- 07:44:16 - - cleaning up signature grouping structure... complete
19/11/2019 -- 07:44:16 - - Stats for 'eno4': pkts: 71733724, drop: 23996074 (33.45%), invalid chksum: 0
19/11/2019 -- 07:44:16 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
19/11/2019 -- 07:44:16 - - CPUs/cores online: 12
19/11/2019 -- 07:44:16 - - eve-log output device (regular) initialized: eve.json
19/11/2019 -- 07:44:16 - - stats output device (regular) initialized: stats.log
19/11/2019 -- 07:44:16 - - Running in live mode, activating unix socket
19/11/2019 -- 07:44:23 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
19/11/2019 -- 07:44:23 - - Threshold config parsed: 0 rule(s) found
19/11/2019 -- 07:44:23 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
19/11/2019 -- 07:44:41 - - Going to use 12 thread(s)
19/11/2019 -- 07:44:41 - - Running in live mode, activating unix socket
19/11/2019 -- 07:44:41 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
19/11/2019 -- 07:44:41 - - all 12 packet processing threads, 2 management threads initialized, engine started.
19/11/2019 -- 07:44:42 - - All AFP capture threads are running.
20/11/2019 -- 07:18:22 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
20/11/2019 -- 07:18:22 - - CPUs/cores online: 12
20/11/2019 -- 07:18:23 - - eve-log output device (regular) initialized: eve.json
20/11/2019 -- 07:18:23 - - stats output device (regular) initialized: stats.log
20/11/2019 -- 07:18:23 - - Running in live mode, activating unix socket
20/11/2019 -- 07:18:30 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
20/11/2019 -- 07:18:30 - - Threshold config parsed: 0 rule(s) found
20/11/2019 -- 07:18:30 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
20/11/2019 -- 07:18:48 - - Going to use 12 thread(s)
20/11/2019 -- 07:18:48 - - Running in live mode, activating unix socket
20/11/2019 -- 07:18:48 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
20/11/2019 -- 07:18:48 - - all 12 packet processing threads, 2 management threads initialized, engine started.
20/11/2019 -- 07:18:49 - - All AFP capture threads are running.
20/11/2019 -- 16:39:08 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
20/11/2019 -- 16:39:08 - - CPUs/cores online: 12
20/11/2019 -- 16:39:09 - - eve-log output device (regular) initialized: eve.json
20/11/2019 -- 16:39:09 - - stats output device (regular) initialized: stats.log
20/11/2019 -- 16:39:09 - - Running in live mode, activating unix socket
20/11/2019 -- 16:39:16 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
20/11/2019 -- 16:39:16 - - Threshold config parsed: 0 rule(s) found
20/11/2019 -- 16:39:16 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
20/11/2019 -- 16:39:34 - - Going to use 12 thread(s)
20/11/2019 -- 16:39:34 - - Running in live mode, activating unix socket
20/11/2019 -- 16:39:34 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
20/11/2019 -- 16:39:34 - - all 12 packet processing threads, 2 management threads initialized, engine started.
20/11/2019 -- 16:39:35 - - All AFP capture threads are running.
21/11/2019 -- 07:51:16 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
21/11/2019 -- 07:51:16 - - CPUs/cores online: 12
21/11/2019 -- 07:51:16 - - eve-log output device (regular) initialized: eve.json
21/11/2019 -- 07:51:16 - - stats output device (regular) initialized: stats.log
21/11/2019 -- 07:51:16 - - Running in live mode, activating unix socket
21/11/2019 -- 07:51:24 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
21/11/2019 -- 07:51:24 - - Threshold config parsed: 0 rule(s) found
21/11/2019 -- 07:51:24 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
21/11/2019 -- 07:51:42 - - Going to use 12 thread(s)
21/11/2019 -- 07:51:43 - - Running in live mode, activating unix socket
21/11/2019 -- 07:51:43 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
21/11/2019 -- 07:51:43 - - all 12 packet processing threads, 2 management threads initialized, engine started.
21/11/2019 -- 07:51:43 - - All AFP capture threads are running.
21/11/2019 -- 16:36:30 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
21/11/2019 -- 16:36:30 - - CPUs/cores online: 12
21/11/2019 -- 16:36:31 - - eve-log output device (regular) initialized: eve.json
21/11/2019 -- 16:36:31 - - stats output device (regular) initialized: stats.log
21/11/2019 -- 16:36:31 - - Running in live mode, activating unix socket
21/11/2019 -- 16:36:38 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
21/11/2019 -- 16:36:38 - - Threshold config parsed: 0 rule(s) found
21/11/2019 -- 16:36:38 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
21/11/2019 -- 16:36:56 - - Going to use 12 thread(s)
21/11/2019 -- 16:36:57 - - Running in live mode, activating unix socket
21/11/2019 -- 16:36:57 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
21/11/2019 -- 16:36:57 - - all 12 packet processing threads, 2 management threads initialized, engine started.
21/11/2019 -- 16:36:57 - - All AFP capture threads are running.
22/11/2019 -- 07:20:33 - - Signal Received. Stopping engine.
22/11/2019 -- 07:20:33 - - time elapsed 53017.055s
22/11/2019 -- 07:20:52 - - Alerts: 0
22/11/2019 -- 07:20:57 - - cleaning up signature grouping structure... complete
22/11/2019 -- 07:20:57 - - Stats for 'eno4': pkts: 17197882647, drop: 5974080344 (34.74%), invalid chksum: 2
22/11/2019 -- 07:20:59 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
22/11/2019 -- 07:20:59 - - CPUs/cores online: 12
22/11/2019 -- 07:21:01 - - eve-log output device (regular) initialized: eve.json
22/11/2019 -- 07:21:01 - - stats output device (regular) initialized: stats.log
22/11/2019 -- 07:21:01 - - Running in live mode, activating unix socket
22/11/2019 -- 07:21:09 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
22/11/2019 -- 07:21:09 - - Threshold config parsed: 0 rule(s) found
22/11/2019 -- 07:21:09 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
22/11/2019 -- 07:21:27 - - Going to use 12 thread(s)
22/11/2019 -- 07:21:27 - - Running in live mode, activating unix socket
22/11/2019 -- 07:21:27 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
22/11/2019 -- 07:21:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
22/11/2019 -- 07:21:27 - - All AFP capture threads are running.
25/11/2019 -- 07:36:54 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
25/11/2019 -- 07:36:54 - - CPUs/cores online: 12
25/11/2019 -- 07:36:54 - - eve-log output device (regular) initialized: eve.json
25/11/2019 -- 07:36:54 - - stats output device (regular) initialized: stats.log
25/11/2019 -- 07:36:54 - - Running in live mode, activating unix socket
25/11/2019 -- 07:37:02 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
25/11/2019 -- 07:37:02 - - Threshold config parsed: 0 rule(s) found
25/11/2019 -- 07:37:02 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
25/11/2019 -- 07:37:20 - - Going to use 12 thread(s)
25/11/2019 -- 07:37:20 - - Running in live mode, activating unix socket
25/11/2019 -- 07:37:20 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
25/11/2019 -- 07:37:20 - - all 12 packet processing threads, 2 management threads initialized, engine started.
25/11/2019 -- 07:37:21 - - All AFP capture threads are running.
25/11/2019 -- 09:02:08 - - Signal Received. Stopping engine.
25/11/2019 -- 09:02:08 - - time elapsed 5088.291s
25/11/2019 -- 09:02:12 - - Alerts: 0
25/11/2019 -- 09:02:13 - - cleaning up signature grouping structure... complete
25/11/2019 -- 09:02:13 - - Stats for 'eno4': pkts: 1764361746, drop: 408198909 (23.14%), invalid chksum: 1
25/11/2019 -- 09:02:13 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
25/11/2019 -- 09:02:13 - - CPUs/cores online: 12
25/11/2019 -- 09:02:13 - - eve-log output device (regular) initialized: eve.json
25/11/2019 -- 09:02:13 - - stats output device (regular) initialized: stats.log
25/11/2019 -- 09:02:13 - - Running in live mode, activating unix socket
25/11/2019 -- 09:02:20 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
25/11/2019 -- 09:02:20 - - Threshold config parsed: 0 rule(s) found
25/11/2019 -- 09:02:20 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
25/11/2019 -- 09:02:39 - - Going to use 12 thread(s)
25/11/2019 -- 09:02:39 - - Running in live mode, activating unix socket
25/11/2019 -- 09:02:39 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
25/11/2019 -- 09:02:39 - - all 12 packet processing threads, 2 management threads initialized, engine started.
25/11/2019 -- 09:02:39 - - All AFP capture threads are running.
25/11/2019 -- 16:36:13 - - Signal Received. Stopping engine.
25/11/2019 -- 16:36:13 - - time elapsed 27214.377s
25/11/2019 -- 16:36:24 - - Alerts: 0
25/11/2019 -- 16:36:27 - - cleaning up signature grouping structure... complete
25/11/2019 -- 16:36:27 - - Stats for 'eno4': pkts: 9815175100, drop: 3096135601 (31.54%), invalid chksum: 6
25/11/2019 -- 16:36:28 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
25/11/2019 -- 16:36:28 - - CPUs/cores online: 12
25/11/2019 -- 16:36:28 - - eve-log output device (regular) initialized: eve.json
25/11/2019 -- 16:36:28 - - stats output device (regular) initialized: stats.log
25/11/2019 -- 16:36:28 - - Running in live mode, activating unix socket
25/11/2019 -- 16:36:35 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
25/11/2019 -- 16:36:35 - - Threshold config parsed: 0 rule(s) found
25/11/2019 -- 16:36:35 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
25/11/2019 -- 16:36:54 - - Going to use 12 thread(s)
25/11/2019 -- 16:36:54 - - Running in live mode, activating unix socket
25/11/2019 -- 16:36:54 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
25/11/2019 -- 16:36:54 - - all 12 packet processing threads, 2 management threads initialized, engine started.
25/11/2019 -- 16:36:54 - - All AFP capture threads are running.
26/11/2019 -- 07:06:11 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
26/11/2019 -- 07:06:11 - - CPUs/cores online: 12
26/11/2019 -- 07:06:11 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
26/11/2019 -- 07:06:31 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
26/11/2019 -- 07:06:31 - - CPUs/cores online: 12
26/11/2019 -- 07:06:31 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
26/11/2019 -- 07:07:52 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
26/11/2019 -- 07:07:52 - - CPUs/cores online: 12
26/11/2019 -- 07:07:52 - - eve-log output device (regular) initialized: eve.json
26/11/2019 -- 07:07:52 - - stats output device (regular) initialized: stats.log
26/11/2019 -- 07:07:52 - - Running in live mode, activating unix socket
26/11/2019 -- 07:07:59 - - 1 rule files processed. 23606 rules successfully loaded, 0 rules failed
26/11/2019 -- 07:08:00 - - Threshold config parsed: 0 rule(s) found
26/11/2019 -- 07:08:00 - - 23610 signatures processed. 1048 are IP-only rules, 5090 are inspecting packet payload, 17376 inspect application layer, 0 are decoder event only
26/11/2019 -- 07:08:18 - - Going to use 12 thread(s)
26/11/2019 -- 07:08:18 - - Running in live mode, activating unix socket
26/11/2019 -- 07:08:18 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
26/11/2019 -- 07:08:18 - - Created socket directory /var/run/suricata/
26/11/2019 -- 07:08:18 - - all 12 packet processing threads, 2 management threads initialized, engine started.
26/11/2019 -- 07:08:19 - - All AFP capture threads are running.
27/11/2019 -- 07:10:22 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 07:10:22 - - CPUs/cores online: 12
27/11/2019 -- 07:10:22 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
27/11/2019 -- 07:12:43 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 07:12:43 - - CPUs/cores online: 12
27/11/2019 -- 07:12:43 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
27/11/2019 -- 07:18:27 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 07:18:27 - - CPUs/cores online: 12
27/11/2019 -- 07:18:27 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 07:18:27 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 07:18:27 - - Running in live mode, activating unix socket
27/11/2019 -- 07:18:35 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 07:18:35 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 07:18:35 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 07:18:53 - - Going to use 12 thread(s)
27/11/2019 -- 07:18:54 - - Running in live mode, activating unix socket
27/11/2019 -- 07:18:54 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 07:18:54 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 07:18:54 - - All AFP capture threads are running.
27/11/2019 -- 07:44:25 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 07:44:25 - - CPUs/cores online: 12
27/11/2019 -- 07:44:25 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists but appears stale. Make sure Suricata is not running and then remove /var/run/suricata.pid. Aborting!
27/11/2019 -- 07:45:13 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 07:45:13 - - CPUs/cores online: 12
27/11/2019 -- 07:45:13 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 07:45:13 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 07:45:13 - - Running in live mode, activating unix socket
27/11/2019 -- 07:45:21 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 07:45:21 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 07:45:21 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 07:45:39 - - Going to use 12 thread(s)
27/11/2019 -- 07:45:40 - - Running in live mode, activating unix socket
27/11/2019 -- 07:45:40 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 07:45:40 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 07:45:40 - - All AFP capture threads are running.
27/11/2019 -- 14:40:41 - - Signal Received. Stopping engine.
27/11/2019 -- 14:40:41 - - time elapsed 24901.586s
27/11/2019 -- 14:40:48 - - Alerts: 0
27/11/2019 -- 14:40:51 - - cleaning up signature grouping structure... complete
27/11/2019 -- 14:40:51 - - Stats for 'eno4': pkts: 8827182919, drop: 2922449700 (33.11%), invalid chksum: 0
27/11/2019 -- 15:02:26 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:02:26 - - CPUs/cores online: 12
27/11/2019 -- 15:02:26 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:02:26 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:02:26 - - Running in live mode, activating unix socket
27/11/2019 -- 15:02:34 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:02:34 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:02:34 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:02:53 - - Going to use 12 thread(s)
27/11/2019 -- 15:02:53 - - Running in live mode, activating unix socket
27/11/2019 -- 15:02:53 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:02:53 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:02:53 - - All AFP capture threads are running.
27/11/2019 -- 15:03:25 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:03:25 - - CPUs/cores online: 12
27/11/2019 -- 15:03:25 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists and Suricata appears to be running. Aborting!
27/11/2019 -- 15:03:35 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:03:35 - - CPUs/cores online: 12
27/11/2019 -- 15:03:35 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists and Suricata appears to be running. Aborting!
27/11/2019 -- 15:03:45 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:03:45 - - CPUs/cores online: 12
27/11/2019 -- 15:03:45 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists and Suricata appears to be running. Aborting!
27/11/2019 -- 15:03:56 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:03:56 - - CPUs/cores online: 12
27/11/2019 -- 15:03:56 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists and Suricata appears to be running. Aborting!
27/11/2019 -- 15:05:47 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:05:47 - - CPUs/cores online: 12
27/11/2019 -- 15:05:47 - - [ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/var/run/suricata.pid' exists and Suricata appears to be running. Aborting!
27/11/2019 -- 15:05:47 - - Signal Received. Stopping engine.
27/11/2019 -- 15:05:48 - - time elapsed 175.029s
27/11/2019 -- 15:05:48 - - Alerts: 0
27/11/2019 -- 15:05:49 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:05:49 - - Stats for 'eno4': pkts: 63744572, drop: 17386484 (27.28%), invalid chksum: 0
27/11/2019 -- 15:20:58 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:20:58 - - CPUs/cores online: 12
27/11/2019 -- 15:20:58 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:20:58 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:20:58 - - Running in live mode, activating unix socket
27/11/2019 -- 15:21:05 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:21:05 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:21:05 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:21:24 - - Going to use 12 thread(s)
27/11/2019 -- 15:21:24 - - Running in live mode, activating unix socket
27/11/2019 -- 15:21:24 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:21:24 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:21:24 - - All AFP capture threads are running.
27/11/2019 -- 15:21:34 - - Signal Received. Stopping engine.
27/11/2019 -- 15:21:34 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:21:34 - - CPUs/cores online: 12
27/11/2019 -- 15:21:34 - - time elapsed 10.047s
27/11/2019 -- 15:21:34 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:21:34 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:21:34 - - Running in live mode, activating unix socket
27/11/2019 -- 15:21:34 - - Alerts: 0
27/11/2019 -- 15:21:35 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:21:35 - - Stats for 'eno4': pkts: 3256086, drop: 559714 (17.19%), invalid chksum: 0
27/11/2019 -- 15:21:41 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:21:41 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:21:41 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:22:00 - - Going to use 12 thread(s)
27/11/2019 -- 15:22:00 - - Running in live mode, activating unix socket
27/11/2019 -- 15:22:00 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:22:00 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:22:01 - - All AFP capture threads are running.
27/11/2019 -- 15:26:06 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:26:06 - - CPUs/cores online: 12
27/11/2019 -- 15:26:06 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:26:06 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:26:06 - - Running in live mode, activating unix socket
27/11/2019 -- 15:26:17 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:26:17 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:26:17 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:26:47 - - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - fanout not supported by kernel: Kernel too old or cluster-id 1 already in use.
27/11/2019 -- 15:26:47 - - Going to use 1 thread(s)
27/11/2019 -- 15:26:47 - - Running in live mode, activating unix socket
27/11/2019 -- 15:26:47 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:26:47 - - all 1 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:26:47 - - All AFP capture threads are running.
27/11/2019 -- 15:30:45 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:30:45 - - CPUs/cores online: 12
27/11/2019 -- 15:30:45 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:30:45 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:30:45 - - Running in live mode, activating unix socket
27/11/2019 -- 15:30:52 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:30:52 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:30:52 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:31:11 - - Going to use 12 thread(s)
27/11/2019 -- 15:31:11 - - Running in live mode, activating unix socket
27/11/2019 -- 15:31:11 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:31:11 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:31:11 - - Signal Received. Stopping engine.
27/11/2019 -- 15:31:11 - - All AFP capture threads are running.
27/11/2019 -- 15:31:11 - - time elapsed 0.204s
27/11/2019 -- 15:31:11 - - Alerts: 0
27/11/2019 -- 15:31:12 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:31:12 - - Stats for 'eno4': pkts: 167839, drop: 165447 (98.57%), invalid chksum: 0
27/11/2019 -- 15:36:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:36:01 - - CPUs/cores online: 12
27/11/2019 -- 15:36:01 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:36:01 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:36:01 - - Running in live mode, activating unix socket
27/11/2019 -- 15:36:08 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:36:08 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:36:08 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:36:27 - - Going to use 12 thread(s)
27/11/2019 -- 15:36:27 - - Running in live mode, activating unix socket
27/11/2019 -- 15:36:27 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:36:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:36:27 - - Signal Received. Stopping engine.
27/11/2019 -- 15:36:27 - - All AFP capture threads are running.
27/11/2019 -- 15:36:27 - - time elapsed 0.195s
27/11/2019 -- 15:36:27 - - Alerts: 0
27/11/2019 -- 15:36:28 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:36:28 - - Stats for 'eno4': pkts: 141144, drop: 138355 (98.02%), invalid chksum: 0
27/11/2019 -- 15:40:34 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:40:34 - - CPUs/cores online: 12
27/11/2019 -- 15:40:34 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:40:34 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:40:34 - - Running in live mode, activating unix socket
27/11/2019 -- 15:40:41 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:40:41 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:40:41 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:41:00 - - Going to use 12 thread(s)
27/11/2019 -- 15:41:00 - - Running in live mode, activating unix socket
27/11/2019 -- 15:41:00 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:41:00 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:41:00 - - All AFP capture threads are running.
27/11/2019 -- 15:43:12 - - Signal Received. Stopping engine.
27/11/2019 -- 15:43:12 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:43:12 - - CPUs/cores online: 12
27/11/2019 -- 15:43:12 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:43:12 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:43:12 - - Running in live mode, activating unix socket
27/11/2019 -- 15:43:13 - - time elapsed 132.703s
27/11/2019 -- 15:43:13 - - Alerts: 0
27/11/2019 -- 15:43:14 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:43:14 - - Stats for 'eno4': pkts: 44980767, drop: 10769744 (23.94%), invalid chksum: 0
27/11/2019 -- 15:43:20 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:43:20 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:43:20 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:43:39 - - Going to use 12 thread(s)
27/11/2019 -- 15:43:39 - - Running in live mode, activating unix socket
27/11/2019 -- 15:43:39 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:43:39 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:43:39 - - All AFP capture threads are running.
27/11/2019 -- 15:43:51 - - Signal Received. Stopping engine.
27/11/2019 -- 15:43:51 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:43:51 - - CPUs/cores online: 12
27/11/2019 -- 15:43:51 - - time elapsed 12.824s
27/11/2019 -- 15:43:51 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:43:51 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:43:51 - - Running in live mode, activating unix socket
27/11/2019 -- 15:43:52 - - Alerts: 0
27/11/2019 -- 15:43:52 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:43:52 - - Stats for 'eno4': pkts: 3952224, drop: 393757 (9.96%), invalid chksum: 0
27/11/2019 -- 15:43:59 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:43:59 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:43:59 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:44:18 - - Going to use 12 thread(s)
27/11/2019 -- 15:44:18 - - Running in live mode, activating unix socket
27/11/2019 -- 15:44:18 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:44:18 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:44:18 - - All AFP capture threads are running.
27/11/2019 -- 15:44:28 - - Signal Received. Stopping engine.
27/11/2019 -- 15:44:28 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:44:28 - - CPUs/cores online: 12
27/11/2019 -- 15:44:28 - - time elapsed 10.437s
27/11/2019 -- 15:44:28 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:44:28 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:44:28 - - Running in live mode, activating unix socket
27/11/2019 -- 15:44:29 - - Alerts: 0
27/11/2019 -- 15:44:29 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:44:29 - - Stats for 'eno4': pkts: 2643994, drop: 256368 (9.70%), invalid chksum: 0
27/11/2019 -- 15:44:36 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:44:36 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:44:36 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:44:54 - - Going to use 12 thread(s)
27/11/2019 -- 15:44:55 - - Running in live mode, activating unix socket
27/11/2019 -- 15:44:55 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:44:55 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:44:55 - - All AFP capture threads are running.
27/11/2019 -- 15:50:02 - - Signal Received. Stopping engine.
27/11/2019 -- 15:50:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 15:50:02 - - CPUs/cores online: 12
27/11/2019 -- 15:50:03 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 15:50:03 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 15:50:03 - - Running in live mode, activating unix socket
27/11/2019 -- 15:50:03 - - time elapsed 308.959s
27/11/2019 -- 15:50:04 - - Alerts: 0
27/11/2019 -- 15:50:05 - - cleaning up signature grouping structure... complete
27/11/2019 -- 15:50:05 - - Stats for 'eno4': pkts: 107598424, drop: 34579943 (32.14%), invalid chksum: 0
27/11/2019 -- 15:50:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 15:50:10 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 15:50:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
27/11/2019 -- 15:50:29 - - Going to use 12 thread(s)
27/11/2019 -- 15:50:29 - - Running in live mode, activating unix socket
27/11/2019 -- 15:50:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/11/2019 -- 15:50:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
27/11/2019 -- 15:50:30 - - All AFP capture threads are running.
27/11/2019 -- 16:00:01 - - Signal Received. Stopping engine.
27/11/2019 -- 16:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
27/11/2019 -- 16:00:01 - - CPUs/cores online: 12
27/11/2019 -- 16:00:02 - - eve-log output device (regular) initialized: eve.json
27/11/2019 -- 16:00:02 - - stats output device (regular) initialized: stats.log
27/11/2019 -- 16:00:02 - - Running in live mode, activating unix socket
27/11/2019 -- 16:00:02 - - time elapsed 573.070s
27/11/2019 -- 16:00:04 - - Alerts: 0
27/11/2019 -- 16:00:04 - - cleaning up signature grouping structure... complete
27/11/2019 -- 16:00:04 - - Stats for 'eno4': pkts: 194872941, drop: 48594180 (24.94%), invalid chksum: 0
27/11/2019 -- 16:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
27/11/2019 -- 16:00:09 - - Threshold config parsed: 0 rule(s) found
27/11/2019 -- 16:00:10 - - 23719 signatures processed.
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 16:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 16:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 16:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 16:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 16:00:29 - - All AFP capture threads are running. 27/11/2019 -- 16:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 16:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 16:30:01 - - CPUs/cores online: 12 27/11/2019 -- 16:30:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 16:30:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 16:30:01 - - Running in live mode, activating unix socket 27/11/2019 -- 16:30:02 - - time elapsed 1773.681s 27/11/2019 -- 16:30:04 - - Alerts: 0 27/11/2019 -- 16:30:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 16:30:04 - - Stats for 'eno4': pkts: 622700622, drop: 172372622 (27.68%), invalid chksum: 0 27/11/2019 -- 16:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 16:30:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 16:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 16:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 16:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 16:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 16:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 16:30:29 - - All AFP capture threads are running. 27/11/2019 -- 17:00:01 - - Signal Received. 
Stopping engine. 27/11/2019 -- 17:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 17:00:01 - - CPUs/cores online: 12 27/11/2019 -- 17:00:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 17:00:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 17:00:01 - - Running in live mode, activating unix socket 27/11/2019 -- 17:00:02 - - time elapsed 1773.632s 27/11/2019 -- 17:00:04 - - Alerts: 0 27/11/2019 -- 17:00:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 17:00:04 - - Stats for 'eno4': pkts: 596316231, drop: 145001660 (24.32%), invalid chksum: 0 27/11/2019 -- 17:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 17:00:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 17:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 17:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 17:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 17:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 17:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 17:00:29 - - All AFP capture threads are running. 27/11/2019 -- 17:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 17:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 17:30:01 - - CPUs/cores online: 12 27/11/2019 -- 17:30:02 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 17:30:02 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 17:30:02 - - Running in live mode, activating unix socket 27/11/2019 -- 17:30:03 - - time elapsed 1774.401s 27/11/2019 -- 17:30:05 - - Alerts: 0 27/11/2019 -- 17:30:05 - - cleaning up signature grouping structure... 
complete 27/11/2019 -- 17:30:05 - - Stats for 'eno4': pkts: 582825919, drop: 147329982 (25.28%), invalid chksum: 0 27/11/2019 -- 17:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 17:30:10 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 17:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 17:30:29 - - Going to use 12 thread(s) 27/11/2019 -- 17:30:29 - - Running in live mode, activating unix socket 27/11/2019 -- 17:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 17:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 17:30:29 - - All AFP capture threads are running. 27/11/2019 -- 18:00:01 - - Signal Received. Stopping engine. 27/11/2019 -- 18:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 18:00:01 - - CPUs/cores online: 12 27/11/2019 -- 18:00:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 18:00:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 18:00:01 - - Running in live mode, activating unix socket 27/11/2019 -- 18:00:01 - - time elapsed 1772.834s 27/11/2019 -- 18:00:04 - - Alerts: 0 27/11/2019 -- 18:00:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 18:00:04 - - Stats for 'eno4': pkts: 604292147, drop: 168491434 (27.88%), invalid chksum: 0 27/11/2019 -- 18:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 18:00:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 18:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 18:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 18:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 18:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 18:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 18:00:28 - - All AFP capture threads are running. 27/11/2019 -- 18:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 18:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 18:30:01 - - CPUs/cores online: 12 27/11/2019 -- 18:30:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 18:30:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 18:30:01 - - Running in live mode, activating unix socket 27/11/2019 -- 18:30:02 - - time elapsed 1773.776s 27/11/2019 -- 18:30:04 - - Alerts: 0 27/11/2019 -- 18:30:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 18:30:04 - - Stats for 'eno4': pkts: 594368734, drop: 140006625 (23.56%), invalid chksum: 0 27/11/2019 -- 18:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 18:30:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 18:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 18:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 18:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 18:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 18:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 18:30:29 - - All AFP capture threads are running. 27/11/2019 -- 19:00:02 - - Signal Received. 
Stopping engine. 27/11/2019 -- 19:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 19:00:02 - - CPUs/cores online: 12 27/11/2019 -- 19:00:02 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 19:00:02 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 19:00:02 - - Running in live mode, activating unix socket 27/11/2019 -- 19:00:02 - - time elapsed 1774.323s 27/11/2019 -- 19:00:05 - - Alerts: 0 27/11/2019 -- 19:00:05 - - cleaning up signature grouping structure... complete 27/11/2019 -- 19:00:05 - - Stats for 'eno4': pkts: 571133809, drop: 145075729 (25.40%), invalid chksum: 0 27/11/2019 -- 19:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 19:00:10 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 19:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 19:00:29 - - Going to use 12 thread(s) 27/11/2019 -- 19:00:29 - - Running in live mode, activating unix socket 27/11/2019 -- 19:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 19:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 19:00:29 - - All AFP capture threads are running. 27/11/2019 -- 19:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 19:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 19:30:01 - - CPUs/cores online: 12 27/11/2019 -- 19:30:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 19:30:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 19:30:01 - - Running in live mode, activating unix socket 27/11/2019 -- 19:30:01 - - time elapsed 1772.771s 27/11/2019 -- 19:30:04 - - Alerts: 0 27/11/2019 -- 19:30:04 - - cleaning up signature grouping structure... 
complete 27/11/2019 -- 19:30:04 - - Stats for 'eno4': pkts: 558051212, drop: 146881047 (26.32%), invalid chksum: 0 27/11/2019 -- 19:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 19:30:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 19:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 19:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 19:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 19:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 19:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 19:30:29 - - All AFP capture threads are running. 27/11/2019 -- 20:00:01 - - Signal Received. Stopping engine. 27/11/2019 -- 20:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 20:00:01 - - CPUs/cores online: 12 27/11/2019 -- 20:00:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 20:00:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 20:00:01 - - Running in live mode, activating unix socket 27/11/2019 -- 20:00:02 - - time elapsed 1773.906s 27/11/2019 -- 20:00:04 - - Alerts: 0 27/11/2019 -- 20:00:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 20:00:04 - - Stats for 'eno4': pkts: 555334505, drop: 169759108 (30.57%), invalid chksum: 0 27/11/2019 -- 20:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 20:00:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 20:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 20:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 20:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 20:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 20:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 20:00:28 - - All AFP capture threads are running. 27/11/2019 -- 20:30:02 - - Signal Received. Stopping engine. 27/11/2019 -- 20:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 20:30:02 - - CPUs/cores online: 12 27/11/2019 -- 20:30:02 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 20:30:02 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 20:30:02 - - Running in live mode, activating unix socket 27/11/2019 -- 20:30:02 - - time elapsed 1774.326s 27/11/2019 -- 20:30:04 - - Alerts: 0 27/11/2019 -- 20:30:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 20:30:04 - - Stats for 'eno4': pkts: 585556967, drop: 150411455 (25.69%), invalid chksum: 0 27/11/2019 -- 20:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 20:30:10 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 20:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 20:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 20:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 20:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 20:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 20:30:29 - - All AFP capture threads are running. 27/11/2019 -- 21:00:01 - - Signal Received. 
Stopping engine. 27/11/2019 -- 21:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 21:00:01 - - CPUs/cores online: 12 27/11/2019 -- 21:00:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 21:00:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 21:00:01 - - Running in live mode, activating unix socket 27/11/2019 -- 21:00:02 - - time elapsed 1773.464s 27/11/2019 -- 21:00:04 - - Alerts: 0 27/11/2019 -- 21:00:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 21:00:04 - - Stats for 'eno4': pkts: 561964633, drop: 151299161 (26.92%), invalid chksum: 0 27/11/2019 -- 21:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 21:00:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 21:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 21:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 21:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 21:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 21:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 21:00:28 - - All AFP capture threads are running. 27/11/2019 -- 21:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 21:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 21:30:01 - - CPUs/cores online: 12 27/11/2019 -- 21:30:02 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 21:30:02 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 21:30:02 - - Running in live mode, activating unix socket 27/11/2019 -- 21:30:02 - - time elapsed 1774.159s 27/11/2019 -- 21:30:04 - - Alerts: 0 27/11/2019 -- 21:30:04 - - cleaning up signature grouping structure... 
complete 27/11/2019 -- 21:30:04 - - Stats for 'eno4': pkts: 566947434, drop: 143339221 (25.28%), invalid chksum: 0 27/11/2019 -- 21:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 21:30:10 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 21:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 21:30:29 - - Going to use 12 thread(s) 27/11/2019 -- 21:30:29 - - Running in live mode, activating unix socket 27/11/2019 -- 21:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 21:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 21:30:29 - - All AFP capture threads are running. 27/11/2019 -- 22:00:01 - - Signal Received. Stopping engine. 27/11/2019 -- 22:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 22:00:01 - - CPUs/cores online: 12 27/11/2019 -- 22:00:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 22:00:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 22:00:01 - - Running in live mode, activating unix socket 27/11/2019 -- 22:00:01 - - time elapsed 1772.830s 27/11/2019 -- 22:00:03 - - Alerts: 0 27/11/2019 -- 22:00:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 565964310, drop: 150550379 (26.60%), invalid chksum: 0 27/11/2019 -- 22:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 22:00:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 22:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 22:00:28 - - Going to use 12 thread(s) 27/11/2019 -- 22:00:28 - - Running in live mode, activating unix socket 27/11/2019 -- 22:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 22:00:29 - - All AFP capture threads are running. 27/11/2019 -- 22:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 22:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 22:30:01 - - CPUs/cores online: 12 27/11/2019 -- 22:30:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 22:30:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 22:30:01 - - Running in live mode, activating unix socket 27/11/2019 -- 22:30:02 - - time elapsed 1773.529s 27/11/2019 -- 22:30:04 - - Alerts: 0 27/11/2019 -- 22:30:04 - - cleaning up signature grouping structure... complete 27/11/2019 -- 22:30:04 - - Stats for 'eno4': pkts: 550454373, drop: 144048672 (26.17%), invalid chksum: 0 27/11/2019 -- 22:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 22:30:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 22:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 22:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 22:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 22:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 22:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 22:30:29 - - All AFP capture threads are running. 27/11/2019 -- 23:00:02 - - Signal Received. 
Stopping engine. 27/11/2019 -- 23:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 23:00:02 - - CPUs/cores online: 12 27/11/2019 -- 23:00:02 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 23:00:02 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 23:00:02 - - Running in live mode, activating unix socket 27/11/2019 -- 23:00:02 - - time elapsed 1774.280s 27/11/2019 -- 23:00:04 - - Alerts: 0 27/11/2019 -- 23:00:05 - - cleaning up signature grouping structure... complete 27/11/2019 -- 23:00:05 - - Stats for 'eno4': pkts: 557294142, drop: 148485538 (26.64%), invalid chksum: 0 27/11/2019 -- 23:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 23:00:10 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 23:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 23:00:29 - - Going to use 12 thread(s) 27/11/2019 -- 23:00:29 - - Running in live mode, activating unix socket 27/11/2019 -- 23:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 23:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 23:00:29 - - All AFP capture threads are running. 27/11/2019 -- 23:30:01 - - Signal Received. Stopping engine. 27/11/2019 -- 23:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 27/11/2019 -- 23:30:01 - - CPUs/cores online: 12 27/11/2019 -- 23:30:01 - - eve-log output device (regular) initialized: eve.json 27/11/2019 -- 23:30:01 - - stats output device (regular) initialized: stats.log 27/11/2019 -- 23:30:01 - - Running in live mode, activating unix socket 27/11/2019 -- 23:30:01 - - time elapsed 1772.910s 27/11/2019 -- 23:30:04 - - Alerts: 0 27/11/2019 -- 23:30:04 - - cleaning up signature grouping structure... 
complete 27/11/2019 -- 23:30:04 - - Stats for 'eno4': pkts: 627519267, drop: 167461578 (26.69%), invalid chksum: 0 27/11/2019 -- 23:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 27/11/2019 -- 23:30:09 - - Threshold config parsed: 0 rule(s) found 27/11/2019 -- 23:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 27/11/2019 -- 23:30:28 - - Going to use 12 thread(s) 27/11/2019 -- 23:30:28 - - Running in live mode, activating unix socket 27/11/2019 -- 23:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/11/2019 -- 23:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 27/11/2019 -- 23:30:29 - - All AFP capture threads are running. 28/11/2019 -- 00:00:01 - - Signal Received. Stopping engine. 28/11/2019 -- 00:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 00:00:01 - - CPUs/cores online: 12 28/11/2019 -- 00:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 00:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 00:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 00:00:02 - - time elapsed 1773.882s 28/11/2019 -- 00:00:04 - - Alerts: 0 28/11/2019 -- 00:00:05 - - cleaning up signature grouping structure... complete 28/11/2019 -- 00:00:05 - - Stats for 'eno4': pkts: 561954624, drop: 163472663 (29.09%), invalid chksum: 0 28/11/2019 -- 00:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 00:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 00:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 00:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 00:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 00:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 00:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 00:00:29 - - All AFP capture threads are running. 28/11/2019 -- 00:30:02 - - Signal Received. Stopping engine. 28/11/2019 -- 00:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 00:30:02 - - CPUs/cores online: 12 28/11/2019 -- 00:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 00:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 00:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 00:30:03 - - time elapsed 1774.586s 28/11/2019 -- 00:30:04 - - Alerts: 0 28/11/2019 -- 00:30:05 - - cleaning up signature grouping structure... complete 28/11/2019 -- 00:30:05 - - Stats for 'eno4': pkts: 524656391, drop: 191657615 (36.53%), invalid chksum: 0 28/11/2019 -- 00:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 00:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 00:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 00:30:29 - - Going to use 12 thread(s) 28/11/2019 -- 00:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 00:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 00:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 00:30:29 - - All AFP capture threads are running. 28/11/2019 -- 01:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 01:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 01:00:01 - - CPUs/cores online: 12 28/11/2019 -- 01:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 01:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 01:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 01:00:02 - - time elapsed 1772.789s 28/11/2019 -- 01:00:03 - - Alerts: 0 28/11/2019 -- 01:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 01:00:04 - - Stats for 'eno4': pkts: 509186787, drop: 161569330 (31.73%), invalid chksum: 0 28/11/2019 -- 01:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 01:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 01:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 01:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 01:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 01:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 01:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 01:00:29 - - All AFP capture threads are running. 28/11/2019 -- 01:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 01:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 01:30:01 - - CPUs/cores online: 12 28/11/2019 -- 01:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 01:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 01:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 01:30:02 - - time elapsed 1774.029s 28/11/2019 -- 01:30:04 - - Alerts: 0 28/11/2019 -- 01:30:04 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 01:30:04 - - Stats for 'eno4': pkts: 691239120, drop: 215031436 (31.11%), invalid chksum: 0 28/11/2019 -- 01:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 01:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 01:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 01:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 01:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 01:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 01:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 01:30:29 - - All AFP capture threads are running. 28/11/2019 -- 02:00:01 - - Signal Received. Stopping engine. 28/11/2019 -- 02:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 02:00:01 - - CPUs/cores online: 12 28/11/2019 -- 02:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 02:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 02:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 02:00:01 - - time elapsed 1772.884s 28/11/2019 -- 02:00:03 - - Alerts: 0 28/11/2019 -- 02:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 02:00:04 - - Stats for 'eno4': pkts: 559034482, drop: 154346930 (27.61%), invalid chksum: 0 28/11/2019 -- 02:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 02:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 02:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 02:00:27 - - Going to use 12 thread(s) 28/11/2019 -- 02:00:27 - - Running in live mode, activating unix socket 28/11/2019 -- 02:00:27 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 02:00:27 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 02:00:28 - - All AFP capture threads are running. 28/11/2019 -- 02:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 02:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 02:30:01 - - CPUs/cores online: 12 28/11/2019 -- 02:30:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 02:30:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 02:30:01 - - Running in live mode, activating unix socket 28/11/2019 -- 02:30:02 - - time elapsed 1774.423s 28/11/2019 -- 02:30:04 - - Alerts: 0 28/11/2019 -- 02:30:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 02:30:04 - - Stats for 'eno4': pkts: 574264939, drop: 151676756 (26.41%), invalid chksum: 0 28/11/2019 -- 02:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 02:30:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 02:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 02:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 02:30:28 - - Running in live mode, activating unix socket 28/11/2019 -- 02:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 02:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 02:30:29 - - All AFP capture threads are running. 28/11/2019 -- 03:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 03:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 03:00:01 - - CPUs/cores online: 12 28/11/2019 -- 03:00:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 03:00:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 03:00:02 - - Running in live mode, activating unix socket 28/11/2019 -- 03:00:02 - - time elapsed 1773.866s 28/11/2019 -- 03:00:05 - - Alerts: 0 28/11/2019 -- 03:00:06 - - cleaning up signature grouping structure... complete 28/11/2019 -- 03:00:06 - - Stats for 'eno4': pkts: 598381403, drop: 152519093 (25.49%), invalid chksum: 0 28/11/2019 -- 03:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 03:00:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 03:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 03:00:29 - - Going to use 12 thread(s) 28/11/2019 -- 03:00:29 - - Running in live mode, activating unix socket 28/11/2019 -- 03:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 03:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 03:00:29 - - All AFP capture threads are running. 28/11/2019 -- 03:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 03:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 03:30:01 - - CPUs/cores online: 12 28/11/2019 -- 03:30:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 03:30:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 03:30:01 - - Running in live mode, activating unix socket 28/11/2019 -- 03:30:01 - - time elapsed 1772.687s 28/11/2019 -- 03:30:03 - - Alerts: 0 28/11/2019 -- 03:30:04 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 03:30:04 - - Stats for 'eno4': pkts: 719507666, drop: 233150688 (32.40%), invalid chksum: 0 28/11/2019 -- 03:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 03:30:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 03:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 03:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 03:30:28 - - Running in live mode, activating unix socket 28/11/2019 -- 03:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 03:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 03:30:28 - - All AFP capture threads are running. 28/11/2019 -- 04:00:01 - - Signal Received. Stopping engine. 28/11/2019 -- 04:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 04:00:01 - - CPUs/cores online: 12 28/11/2019 -- 04:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 04:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 04:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 04:00:02 - - time elapsed 1773.968s 28/11/2019 -- 04:00:04 - - Alerts: 0 28/11/2019 -- 04:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 04:00:04 - - Stats for 'eno4': pkts: 714023785, drop: 224611236 (31.46%), invalid chksum: 0 28/11/2019 -- 04:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 04:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 04:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 04:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 04:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 04:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 04:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 04:00:29 - - All AFP capture threads are running. 28/11/2019 -- 04:30:02 - - Signal Received. Stopping engine. 28/11/2019 -- 04:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 04:30:02 - - CPUs/cores online: 12 28/11/2019 -- 04:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 04:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 04:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 04:30:02 - - time elapsed 1774.343s 28/11/2019 -- 04:30:04 - - Alerts: 0 28/11/2019 -- 04:30:05 - - cleaning up signature grouping structure... complete 28/11/2019 -- 04:30:05 - - Stats for 'eno4': pkts: 583969963, drop: 150857807 (25.83%), invalid chksum: 0 28/11/2019 -- 04:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 04:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 04:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 04:30:29 - - Going to use 12 thread(s) 28/11/2019 -- 04:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 04:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 04:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 04:30:29 - - All AFP capture threads are running. 28/11/2019 -- 05:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 05:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 05:00:01 - - CPUs/cores online: 12 28/11/2019 -- 05:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 05:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 05:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 05:00:02 - - time elapsed 1773.041s 28/11/2019 -- 05:00:04 - - Alerts: 0 28/11/2019 -- 05:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 05:00:04 - - Stats for 'eno4': pkts: 544912933, drop: 133719898 (24.54%), invalid chksum: 0 28/11/2019 -- 05:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 05:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 05:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 05:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 05:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 05:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 05:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 05:00:28 - - All AFP capture threads are running. 28/11/2019 -- 05:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 05:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 05:30:01 - - CPUs/cores online: 12 28/11/2019 -- 05:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 05:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 05:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 05:30:03 - - time elapsed 1774.951s 28/11/2019 -- 05:30:05 - - Alerts: 0 28/11/2019 -- 05:30:05 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 05:30:05 - - Stats for 'eno4': pkts: 578857421, drop: 152953942 (26.42%), invalid chksum: 0 28/11/2019 -- 05:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 05:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 05:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 05:30:29 - - Going to use 12 thread(s) 28/11/2019 -- 05:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 05:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 05:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 05:30:29 - - All AFP capture threads are running. 28/11/2019 -- 06:00:01 - - Signal Received. Stopping engine. 28/11/2019 -- 06:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 06:00:01 - - CPUs/cores online: 12 28/11/2019 -- 06:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 06:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 06:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 06:00:01 - - time elapsed 1772.591s 28/11/2019 -- 06:00:03 - - Alerts: 0 28/11/2019 -- 06:00:03 - - cleaning up signature grouping structure... complete 28/11/2019 -- 06:00:03 - - Stats for 'eno4': pkts: 555952561, drop: 154460398 (27.78%), invalid chksum: 0 28/11/2019 -- 06:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 06:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 06:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 06:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 06:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 06:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 06:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 06:00:28 - - All AFP capture threads are running. 28/11/2019 -- 06:30:02 - - Signal Received. Stopping engine. 28/11/2019 -- 06:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 06:30:02 - - CPUs/cores online: 12 28/11/2019 -- 06:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 06:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 06:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 06:30:02 - - time elapsed 1774.408s 28/11/2019 -- 06:30:04 - - Alerts: 0 28/11/2019 -- 06:30:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 06:30:04 - - Stats for 'eno4': pkts: 559135783, drop: 155145860 (27.75%), invalid chksum: 0 28/11/2019 -- 06:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 06:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 06:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 06:30:29 - - Going to use 12 thread(s) 28/11/2019 -- 06:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 06:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 06:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 06:30:29 - - All AFP capture threads are running. 28/11/2019 -- 07:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 07:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 07:00:01 - - CPUs/cores online: 12 28/11/2019 -- 07:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 07:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 07:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 07:00:02 - - time elapsed 1772.858s 28/11/2019 -- 07:00:03 - - Alerts: 0 28/11/2019 -- 07:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 07:00:04 - - Stats for 'eno4': pkts: 566328987, drop: 156715182 (27.67%), invalid chksum: 0 28/11/2019 -- 07:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 07:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 07:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 07:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 07:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 07:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 07:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 07:00:29 - - All AFP capture threads are running. 28/11/2019 -- 07:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 07:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 07:30:01 - - CPUs/cores online: 12 28/11/2019 -- 07:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 07:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 07:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 07:30:02 - - time elapsed 1773.576s 28/11/2019 -- 07:30:04 - - Alerts: 0 28/11/2019 -- 07:30:04 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 07:30:04 - - Stats for 'eno4': pkts: 569337678, drop: 147449908 (25.90%), invalid chksum: 1 28/11/2019 -- 07:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 07:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 07:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 07:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 07:30:28 - - Running in live mode, activating unix socket 28/11/2019 -- 07:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 07:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 07:30:29 - - All AFP capture threads are running. 28/11/2019 -- 08:00:02 - - Signal Received. Stopping engine. 28/11/2019 -- 08:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 08:00:02 - - CPUs/cores online: 12 28/11/2019 -- 08:00:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 08:00:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 08:00:02 - - Running in live mode, activating unix socket 28/11/2019 -- 08:00:02 - - time elapsed 1774.060s 28/11/2019 -- 08:00:05 - - Alerts: 0 28/11/2019 -- 08:00:05 - - cleaning up signature grouping structure... complete 28/11/2019 -- 08:00:05 - - Stats for 'eno4': pkts: 566329437, drop: 140190393 (24.75%), invalid chksum: 0 28/11/2019 -- 08:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 08:00:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 08:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 08:00:29 - - Going to use 12 thread(s) 28/11/2019 -- 08:00:29 - - Running in live mode, activating unix socket 28/11/2019 -- 08:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 08:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 08:00:29 - - All AFP capture threads are running. 28/11/2019 -- 08:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 08:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 08:30:01 - - CPUs/cores online: 12 28/11/2019 -- 08:30:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 08:30:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 08:30:01 - - Running in live mode, activating unix socket 28/11/2019 -- 08:30:02 - - time elapsed 1773.031s 28/11/2019 -- 08:30:04 - - Alerts: 0 28/11/2019 -- 08:30:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 08:30:04 - - Stats for 'eno4': pkts: 565785776, drop: 138534834 (24.49%), invalid chksum: 0 28/11/2019 -- 08:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 08:30:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 08:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 08:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 08:30:28 - - Running in live mode, activating unix socket 28/11/2019 -- 08:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 08:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 08:30:28 - - All AFP capture threads are running. 28/11/2019 -- 09:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 09:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 09:00:01 - - CPUs/cores online: 12 28/11/2019 -- 09:00:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 09:00:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 09:00:02 - - Running in live mode, activating unix socket 28/11/2019 -- 09:00:02 - - time elapsed 1774.152s 28/11/2019 -- 09:00:04 - - Alerts: 0 28/11/2019 -- 09:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 09:00:04 - - Stats for 'eno4': pkts: 582778686, drop: 202066187 (34.67%), invalid chksum: 0 28/11/2019 -- 09:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 09:00:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 09:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 09:00:29 - - Going to use 12 thread(s) 28/11/2019 -- 09:00:29 - - Running in live mode, activating unix socket 28/11/2019 -- 09:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 09:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 09:00:30 - - All AFP capture threads are running. 28/11/2019 -- 09:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 09:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 09:30:01 - - CPUs/cores online: 12 28/11/2019 -- 09:30:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 09:30:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 09:30:01 - - Running in live mode, activating unix socket 28/11/2019 -- 09:30:01 - - time elapsed 1772.400s 28/11/2019 -- 09:30:03 - - Alerts: 0 28/11/2019 -- 09:30:04 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 09:30:04 - - Stats for 'eno4': pkts: 573419735, drop: 148676657 (25.93%), invalid chksum: 0 28/11/2019 -- 09:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 09:30:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 09:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 09:30:28 - - Going to use 12 thread(s) 28/11/2019 -- 09:30:28 - - Running in live mode, activating unix socket 28/11/2019 -- 09:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 09:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 09:30:28 - - All AFP capture threads are running. 28/11/2019 -- 10:00:01 - - Signal Received. Stopping engine. 28/11/2019 -- 10:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 10:00:01 - - CPUs/cores online: 12 28/11/2019 -- 10:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 10:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 10:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 10:00:02 - - time elapsed 1774.300s 28/11/2019 -- 10:00:04 - - Alerts: 0 28/11/2019 -- 10:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 10:00:04 - - Stats for 'eno4': pkts: 583440094, drop: 148908223 (25.52%), invalid chksum: 0 28/11/2019 -- 10:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 10:00:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 10:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 10:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 10:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 10:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 10:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 10:00:29 - - All AFP capture threads are running. 28/11/2019 -- 10:30:02 - - Signal Received. Stopping engine. 28/11/2019 -- 10:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 10:30:02 - - CPUs/cores online: 12 28/11/2019 -- 10:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 10:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 10:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 10:30:02 - - time elapsed 1773.781s 28/11/2019 -- 10:30:05 - - Alerts: 0 28/11/2019 -- 10:30:06 - - cleaning up signature grouping structure... complete 28/11/2019 -- 10:30:06 - - Stats for 'eno4': pkts: 578661536, drop: 152534225 (26.36%), invalid chksum: 0 28/11/2019 -- 10:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 10:30:11 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 10:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 10:30:30 - - Going to use 12 thread(s) 28/11/2019 -- 10:30:30 - - Running in live mode, activating unix socket 28/11/2019 -- 10:30:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 10:30:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 10:30:30 - - All AFP capture threads are running. 28/11/2019 -- 11:00:01 - - Signal Received. 
Stopping engine. 28/11/2019 -- 11:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 11:00:01 - - CPUs/cores online: 12 28/11/2019 -- 11:00:01 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 11:00:01 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 11:00:01 - - Running in live mode, activating unix socket 28/11/2019 -- 11:00:02 - - time elapsed 1771.651s 28/11/2019 -- 11:00:04 - - Alerts: 0 28/11/2019 -- 11:00:04 - - cleaning up signature grouping structure... complete 28/11/2019 -- 11:00:04 - - Stats for 'eno4': pkts: 560961294, drop: 137147337 (24.45%), invalid chksum: 0 28/11/2019 -- 11:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 11:00:09 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 11:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 11:00:28 - - Going to use 12 thread(s) 28/11/2019 -- 11:00:28 - - Running in live mode, activating unix socket 28/11/2019 -- 11:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 11:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 11:00:29 - - All AFP capture threads are running. 28/11/2019 -- 11:30:01 - - Signal Received. Stopping engine. 28/11/2019 -- 11:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 11:30:01 - - CPUs/cores online: 12 28/11/2019 -- 11:30:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 11:30:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 11:30:02 - - Running in live mode, activating unix socket 28/11/2019 -- 11:30:02 - - time elapsed 1774.045s 28/11/2019 -- 11:30:04 - - Alerts: 0 28/11/2019 -- 11:30:05 - - cleaning up signature grouping structure... 
complete 28/11/2019 -- 11:30:05 - - Stats for 'eno4': pkts: 544325138, drop: 150655555 (27.68%), invalid chksum: 0 28/11/2019 -- 11:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 11:30:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 11:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 28/11/2019 -- 11:30:29 - - Going to use 12 thread(s) 28/11/2019 -- 11:30:29 - - Running in live mode, activating unix socket 28/11/2019 -- 11:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 28/11/2019 -- 11:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 28/11/2019 -- 11:30:29 - - All AFP capture threads are running. 28/11/2019 -- 12:00:02 - - Signal Received. Stopping engine. 28/11/2019 -- 12:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 28/11/2019 -- 12:00:02 - - CPUs/cores online: 12 28/11/2019 -- 12:00:02 - - eve-log output device (regular) initialized: eve.json 28/11/2019 -- 12:00:02 - - stats output device (regular) initialized: stats.log 28/11/2019 -- 12:00:02 - - Running in live mode, activating unix socket 28/11/2019 -- 12:00:02 - - time elapsed 1773.901s 28/11/2019 -- 12:00:04 - - Alerts: 0 28/11/2019 -- 12:00:05 - - cleaning up signature grouping structure... complete 28/11/2019 -- 12:00:05 - - Stats for 'eno4': pkts: 571194510, drop: 136546980 (23.91%), invalid chksum: 0 28/11/2019 -- 12:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 28/11/2019 -- 12:00:10 - - Threshold config parsed: 0 rule(s) found 28/11/2019 -- 12:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 12:00:29 - - Going to use 12 thread(s)
28/11/2019 -- 12:00:29 - - Running in live mode, activating unix socket
28/11/2019 -- 12:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 12:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 12:00:29 - - All AFP capture threads are running.
28/11/2019 -- 12:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 12:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 12:30:01 - - CPUs/cores online: 12
28/11/2019 -- 12:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 12:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 12:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 12:30:02 - - time elapsed 1772.620s
28/11/2019 -- 12:30:03 - - Alerts: 0
28/11/2019 -- 12:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 12:30:04 - - Stats for 'eno4': pkts: 593599048, drop: 155539589 (26.20%), invalid chksum: 0
28/11/2019 -- 12:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 12:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 12:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 12:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 12:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 12:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 12:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 12:30:29 - - All AFP capture threads are running.
28/11/2019 -- 13:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 13:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 13:00:01 - - CPUs/cores online: 12
28/11/2019 -- 13:00:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 13:00:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 13:00:02 - - Running in live mode, activating unix socket
28/11/2019 -- 13:00:02 - - time elapsed 1774.092s
28/11/2019 -- 13:00:04 - - Alerts: 0
28/11/2019 -- 13:00:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 13:00:05 - - Stats for 'eno4': pkts: 581538510, drop: 149312939 (25.68%), invalid chksum: 0
28/11/2019 -- 13:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 13:00:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 13:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 13:00:29 - - Going to use 12 thread(s)
28/11/2019 -- 13:00:29 - - Running in live mode, activating unix socket
28/11/2019 -- 13:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 13:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 13:00:29 - - All AFP capture threads are running.
28/11/2019 -- 13:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 13:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 13:30:01 - - CPUs/cores online: 12
28/11/2019 -- 13:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 13:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 13:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 13:30:01 - - time elapsed 1772.841s
28/11/2019 -- 13:30:03 - - Alerts: 0
28/11/2019 -- 13:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 13:30:04 - - Stats for 'eno4': pkts: 559187041, drop: 145019604 (25.93%), invalid chksum: 0
28/11/2019 -- 13:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 13:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 13:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 13:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 13:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 13:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 13:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 13:30:28 - - All AFP capture threads are running.
28/11/2019 -- 14:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 14:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 14:00:01 - - CPUs/cores online: 12
28/11/2019 -- 14:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 14:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 14:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 14:00:02 - - time elapsed 1773.950s
28/11/2019 -- 14:00:04 - - Alerts: 0
28/11/2019 -- 14:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 14:00:04 - - Stats for 'eno4': pkts: 585082536, drop: 158155498 (27.03%), invalid chksum: 0
28/11/2019 -- 14:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 14:00:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 14:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 14:00:29 - - Going to use 12 thread(s)
28/11/2019 -- 14:00:29 - - Running in live mode, activating unix socket
28/11/2019 -- 14:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 14:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 14:00:29 - - All AFP capture threads are running.
28/11/2019 -- 14:30:02 - - Signal Received. Stopping engine.
28/11/2019 -- 14:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 14:30:02 - - CPUs/cores online: 12
28/11/2019 -- 14:30:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 14:30:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 14:30:02 - - Running in live mode, activating unix socket
28/11/2019 -- 14:30:02 - - time elapsed 1773.731s
28/11/2019 -- 14:30:04 - - Alerts: 0
28/11/2019 -- 14:30:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 14:30:05 - - Stats for 'eno4': pkts: 517644042, drop: 127265012 (24.59%), invalid chksum: 0
28/11/2019 -- 14:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 14:30:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 14:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 14:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 14:30:29 - - Running in live mode, activating unix socket
28/11/2019 -- 14:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 14:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 14:30:29 - - All AFP capture threads are running.
28/11/2019 -- 15:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 15:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 15:00:01 - - CPUs/cores online: 12
28/11/2019 -- 15:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 15:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 15:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 15:00:02 - - time elapsed 1773.225s
28/11/2019 -- 15:00:04 - - Alerts: 0
28/11/2019 -- 15:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 15:00:04 - - Stats for 'eno4': pkts: 593662515, drop: 153463186 (25.85%), invalid chksum: 0
28/11/2019 -- 15:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 15:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 15:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 15:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 15:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 15:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 15:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 15:00:28 - - All AFP capture threads are running.
28/11/2019 -- 15:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 15:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 15:30:01 - - CPUs/cores online: 12
28/11/2019 -- 15:30:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 15:30:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 15:30:02 - - Running in live mode, activating unix socket
28/11/2019 -- 15:30:02 - - time elapsed 1774.304s
28/11/2019 -- 15:30:04 - - Alerts: 0
28/11/2019 -- 15:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 15:30:05 - - Stats for 'eno4': pkts: 554784637, drop: 143728207 (25.91%), invalid chksum: 0
28/11/2019 -- 15:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 15:30:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 15:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 15:30:29 - - Going to use 12 thread(s)
28/11/2019 -- 15:30:29 - - Running in live mode, activating unix socket
28/11/2019 -- 15:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 15:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 15:30:29 - - All AFP capture threads are running.
28/11/2019 -- 16:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 16:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 16:00:01 - - CPUs/cores online: 12
28/11/2019 -- 16:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 16:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 16:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 16:00:01 - - time elapsed 1772.804s
28/11/2019 -- 16:00:03 - - Alerts: 0
28/11/2019 -- 16:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 16:00:04 - - Stats for 'eno4': pkts: 578456090, drop: 191373341 (33.08%), invalid chksum: 0
28/11/2019 -- 16:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 16:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 16:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 16:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 16:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 16:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 16:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 16:00:28 - - All AFP capture threads are running.
28/11/2019 -- 16:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 16:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 16:30:01 - - CPUs/cores online: 12
28/11/2019 -- 16:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 16:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 16:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 16:30:02 - - time elapsed 1774.137s
28/11/2019 -- 16:30:04 - - Alerts: 0
28/11/2019 -- 16:30:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 16:30:05 - - Stats for 'eno4': pkts: 561273288, drop: 136860646 (24.38%), invalid chksum: 0
28/11/2019 -- 16:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 16:30:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 16:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 16:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 16:30:29 - - Running in live mode, activating unix socket
28/11/2019 -- 16:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 16:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 16:30:29 - - All AFP capture threads are running.
28/11/2019 -- 17:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 17:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 17:00:01 - - CPUs/cores online: 12
28/11/2019 -- 17:00:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 17:00:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 17:00:02 - - Running in live mode, activating unix socket
28/11/2019 -- 17:00:02 - - time elapsed 1773.781s
28/11/2019 -- 17:00:05 - - Alerts: 0
28/11/2019 -- 17:00:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 17:00:05 - - Stats for 'eno4': pkts: 576679181, drop: 155048535 (26.89%), invalid chksum: 0
28/11/2019 -- 17:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 17:00:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 17:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 17:00:29 - - Going to use 12 thread(s)
28/11/2019 -- 17:00:29 - - Running in live mode, activating unix socket
28/11/2019 -- 17:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 17:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 17:00:29 - - All AFP capture threads are running.
28/11/2019 -- 17:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 17:30:01 - - CPUs/cores online: 12
28/11/2019 -- 17:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 17:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 17:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 17:30:08 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 17:30:08 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 17:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 17:30:27 - - Going to use 12 thread(s)
28/11/2019 -- 17:30:27 - - Running in live mode, activating unix socket
28/11/2019 -- 17:30:27 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 17:30:27 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 17:30:28 - - All AFP capture threads are running.
28/11/2019 -- 18:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 18:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 18:00:01 - - CPUs/cores online: 12
28/11/2019 -- 18:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 18:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 18:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 18:00:02 - - time elapsed 1774.752s
28/11/2019 -- 18:00:04 - - Alerts: 0
28/11/2019 -- 18:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 18:00:04 - - Stats for 'eno4': pkts: 552839721, drop: 141073048 (25.52%), invalid chksum: 0
28/11/2019 -- 18:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 18:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 18:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 18:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 18:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 18:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 18:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 18:00:29 - - All AFP capture threads are running.
28/11/2019 -- 18:30:02 - - Signal Received. Stopping engine.
28/11/2019 -- 18:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 18:30:02 - - CPUs/cores online: 12
28/11/2019 -- 18:30:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 18:30:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 18:30:02 - - Running in live mode, activating unix socket
28/11/2019 -- 18:30:02 - - time elapsed 1774.303s
28/11/2019 -- 18:30:04 - - Alerts: 0
28/11/2019 -- 18:30:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 18:30:05 - - Stats for 'eno4': pkts: 547869338, drop: 134800320 (24.60%), invalid chksum: 0
28/11/2019 -- 18:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 18:30:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 18:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 18:30:29 - - Going to use 12 thread(s)
28/11/2019 -- 18:30:29 - - Running in live mode, activating unix socket
28/11/2019 -- 18:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 18:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 18:30:29 - - All AFP capture threads are running.
28/11/2019 -- 19:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 19:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 19:00:01 - - CPUs/cores online: 12
28/11/2019 -- 19:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 19:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 19:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 19:00:01 - - time elapsed 1772.937s
28/11/2019 -- 19:00:03 - - Alerts: 0
28/11/2019 -- 19:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 19:00:04 - - Stats for 'eno4': pkts: 818106212, drop: 293920956 (35.93%), invalid chksum: 0
28/11/2019 -- 19:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 19:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 19:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 19:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 19:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 19:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 19:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 19:00:29 - - All AFP capture threads are running.
28/11/2019 -- 19:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 19:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 19:30:01 - - CPUs/cores online: 12
28/11/2019 -- 19:30:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 19:30:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 19:30:02 - - Running in live mode, activating unix socket
28/11/2019 -- 19:30:02 - - time elapsed 1774.146s
28/11/2019 -- 19:30:04 - - Alerts: 0
28/11/2019 -- 19:30:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 19:30:05 - - Stats for 'eno4': pkts: 563523649, drop: 185248245 (32.87%), invalid chksum: 0
28/11/2019 -- 19:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 19:30:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 19:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 19:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 19:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 19:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 19:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 19:30:29 - - All AFP capture threads are running.
28/11/2019 -- 20:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 20:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 20:00:01 - - CPUs/cores online: 12
28/11/2019 -- 20:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 20:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 20:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 20:00:01 - - time elapsed 1773.065s
28/11/2019 -- 20:00:03 - - Alerts: 0
28/11/2019 -- 20:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 20:00:04 - - Stats for 'eno4': pkts: 531097272, drop: 183143219 (34.48%), invalid chksum: 0
28/11/2019 -- 20:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 20:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 20:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 20:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 20:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 20:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 20:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 20:00:28 - - All AFP capture threads are running.
28/11/2019 -- 20:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 20:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 20:30:01 - - CPUs/cores online: 12
28/11/2019 -- 20:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 20:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 20:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 20:30:02 - - time elapsed 1774.110s
28/11/2019 -- 20:30:03 - - Alerts: 0
28/11/2019 -- 20:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 20:30:04 - - Stats for 'eno4': pkts: 555578203, drop: 155145198 (27.92%), invalid chksum: 0
28/11/2019 -- 20:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 20:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 20:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 20:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 20:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 20:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 20:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 20:30:28 - - All AFP capture threads are running.
28/11/2019 -- 21:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 21:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 21:00:01 - - CPUs/cores online: 12
28/11/2019 -- 21:00:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 21:00:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 21:00:02 - - Running in live mode, activating unix socket
28/11/2019 -- 21:00:02 - - time elapsed 1774.242s
28/11/2019 -- 21:00:04 - - Alerts: 0
28/11/2019 -- 21:00:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 21:00:05 - - Stats for 'eno4': pkts: 549679353, drop: 143510586 (26.11%), invalid chksum: 0
28/11/2019 -- 21:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 21:00:10 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 21:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 21:00:29 - - Going to use 12 thread(s)
28/11/2019 -- 21:00:29 - - Running in live mode, activating unix socket
28/11/2019 -- 21:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 21:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 21:00:29 - - All AFP capture threads are running.
28/11/2019 -- 21:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 21:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 21:30:01 - - CPUs/cores online: 12
28/11/2019 -- 21:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 21:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 21:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 21:30:02 - - time elapsed 1772.838s
28/11/2019 -- 21:30:04 - - Alerts: 0
28/11/2019 -- 21:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 21:30:04 - - Stats for 'eno4': pkts: 558688831, drop: 158855212 (28.43%), invalid chksum: 0
28/11/2019 -- 21:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 21:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 21:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 21:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 21:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 21:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 21:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 21:30:29 - - All AFP capture threads are running.
28/11/2019 -- 22:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 22:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 22:00:01 - - CPUs/cores online: 12
28/11/2019 -- 22:00:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 22:00:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 22:00:02 - - Running in live mode, activating unix socket
28/11/2019 -- 22:00:02 - - time elapsed 1773.876s
28/11/2019 -- 22:00:04 - - Alerts: 0
28/11/2019 -- 22:00:05 - - cleaning up signature grouping structure... complete
28/11/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 545921525, drop: 140871789 (25.80%), invalid chksum: 0
28/11/2019 -- 22:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 22:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 22:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 22:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 22:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 22:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 22:00:29 - - All AFP capture threads are running.
28/11/2019 -- 22:30:01 - - Signal Received. Stopping engine.
28/11/2019 -- 22:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 22:30:01 - - CPUs/cores online: 12
28/11/2019 -- 22:30:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 22:30:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 22:30:01 - - Running in live mode, activating unix socket
28/11/2019 -- 22:30:01 - - time elapsed 1773.152s
28/11/2019 -- 22:30:04 - - Alerts: 0
28/11/2019 -- 22:30:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 22:30:04 - - Stats for 'eno4': pkts: 495751406, drop: 123588753 (24.93%), invalid chksum: 0
28/11/2019 -- 22:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 22:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 22:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 22:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 22:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 22:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 22:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 22:30:29 - - All AFP capture threads are running.
28/11/2019 -- 23:00:01 - - Signal Received. Stopping engine.
28/11/2019 -- 23:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 23:00:01 - - CPUs/cores online: 12
28/11/2019 -- 23:00:01 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 23:00:01 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 23:00:01 - - Running in live mode, activating unix socket
28/11/2019 -- 23:00:02 - - time elapsed 1773.748s
28/11/2019 -- 23:00:04 - - Alerts: 0
28/11/2019 -- 23:00:04 - - cleaning up signature grouping structure... complete
28/11/2019 -- 23:00:04 - - Stats for 'eno4': pkts: 570558057, drop: 146448110 (25.67%), invalid chksum: 0
28/11/2019 -- 23:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 23:00:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 23:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 23:00:28 - - Going to use 12 thread(s)
28/11/2019 -- 23:00:28 - - Running in live mode, activating unix socket
28/11/2019 -- 23:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 23:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 23:00:29 - - All AFP capture threads are running.
28/11/2019 -- 23:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
28/11/2019 -- 23:30:02 - - CPUs/cores online: 12
28/11/2019 -- 23:30:02 - - eve-log output device (regular) initialized: eve.json
28/11/2019 -- 23:30:02 - - stats output device (regular) initialized: stats.log
28/11/2019 -- 23:30:02 - - Running in live mode, activating unix socket
28/11/2019 -- 23:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
28/11/2019 -- 23:30:09 - - Threshold config parsed: 0 rule(s) found
28/11/2019 -- 23:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
28/11/2019 -- 23:30:28 - - Going to use 12 thread(s)
28/11/2019 -- 23:30:28 - - Running in live mode, activating unix socket
28/11/2019 -- 23:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
28/11/2019 -- 23:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
28/11/2019 -- 23:30:28 - - All AFP capture threads are running.
29/11/2019 -- 00:00:01 - - Signal Received. Stopping engine.
29/11/2019 -- 00:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 00:00:01 - - CPUs/cores online: 12
29/11/2019 -- 00:00:01 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 00:00:01 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 00:00:01 - - Running in live mode, activating unix socket
29/11/2019 -- 00:00:01 - - time elapsed 1773.571s
29/11/2019 -- 00:00:03 - - Alerts: 0
29/11/2019 -- 00:00:04 - - cleaning up signature grouping structure... complete
29/11/2019 -- 00:00:04 - - Stats for 'eno4': pkts: 577420393, drop: 214290760 (37.11%), invalid chksum: 0
29/11/2019 -- 00:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
29/11/2019 -- 00:00:09 - - Threshold config parsed: 0 rule(s) found
29/11/2019 -- 00:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
29/11/2019 -- 00:00:28 - - Going to use 12 thread(s)
29/11/2019 -- 00:00:28 - - Running in live mode, activating unix socket
29/11/2019 -- 00:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
29/11/2019 -- 00:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/11/2019 -- 00:00:28 - - All AFP capture threads are running.
29/11/2019 -- 00:30:01 - - Signal Received. Stopping engine.
29/11/2019 -- 00:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 00:30:01 - - CPUs/cores online: 12
29/11/2019 -- 00:30:01 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 00:30:01 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 00:30:01 - - Running in live mode, activating unix socket
29/11/2019 -- 00:30:02 - - time elapsed 1774.109s
29/11/2019 -- 00:30:05 - - Alerts: 0
29/11/2019 -- 00:30:05 - - cleaning up signature grouping structure... complete
29/11/2019 -- 00:30:05 - - Stats for 'eno4': pkts: 529103275, drop: 139091113 (26.29%), invalid chksum: 0
29/11/2019 -- 00:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
29/11/2019 -- 00:30:10 - - Threshold config parsed: 0 rule(s) found
29/11/2019 -- 00:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
29/11/2019 -- 00:30:28 - - Going to use 12 thread(s)
29/11/2019 -- 00:30:28 - - Running in live mode, activating unix socket
29/11/2019 -- 00:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
29/11/2019 -- 00:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/11/2019 -- 00:30:29 - - All AFP capture threads are running.
29/11/2019 -- 01:00:02 - - Signal Received. Stopping engine.
29/11/2019 -- 01:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 01:00:02 - - CPUs/cores online: 12
29/11/2019 -- 01:00:02 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 01:00:02 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 01:00:02 - - Running in live mode, activating unix socket
29/11/2019 -- 01:00:02 - - time elapsed 1774.127s
29/11/2019 -- 01:00:05 - - Alerts: 0
29/11/2019 -- 01:00:05 - - cleaning up signature grouping structure... complete
29/11/2019 -- 01:00:05 - - Stats for 'eno4': pkts: 489886651, drop: 119811899 (24.46%), invalid chksum: 0
29/11/2019 -- 01:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
29/11/2019 -- 01:00:10 - - Threshold config parsed: 0 rule(s) found
29/11/2019 -- 01:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
29/11/2019 -- 01:00:28 - - Going to use 12 thread(s)
29/11/2019 -- 01:00:29 - - Running in live mode, activating unix socket
29/11/2019 -- 01:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
29/11/2019 -- 01:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/11/2019 -- 01:00:29 - - All AFP capture threads are running.
29/11/2019 -- 01:30:01 - - Signal Received. Stopping engine.
29/11/2019 -- 01:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 01:30:01 - - CPUs/cores online: 12
29/11/2019 -- 01:30:01 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 01:30:01 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 01:30:01 - - Running in live mode, activating unix socket
29/11/2019 -- 01:30:02 - - time elapsed 1773.097s
29/11/2019 -- 01:30:03 - - Alerts: 0
29/11/2019 -- 01:30:04 - - cleaning up signature grouping structure... complete
29/11/2019 -- 01:30:04 - - Stats for 'eno4': pkts: 658811450, drop: 248336629 (37.69%), invalid chksum: 0
29/11/2019 -- 01:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
29/11/2019 -- 01:30:09 - - Threshold config parsed: 0 rule(s) found
29/11/2019 -- 01:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
29/11/2019 -- 01:30:28 - - Going to use 12 thread(s)
29/11/2019 -- 01:30:28 - - Running in live mode, activating unix socket
29/11/2019 -- 01:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
29/11/2019 -- 01:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/11/2019 -- 01:30:28 - - All AFP capture threads are running.
29/11/2019 -- 02:00:01 - - Signal Received. Stopping engine.
29/11/2019 -- 02:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 02:00:01 - - CPUs/cores online: 12
29/11/2019 -- 02:00:01 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 02:00:01 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 02:00:01 - - Running in live mode, activating unix socket
29/11/2019 -- 02:00:02 - - time elapsed 1774.278s
29/11/2019 -- 02:00:04 - - Alerts: 0
29/11/2019 -- 02:00:04 - - cleaning up signature grouping structure... complete
29/11/2019 -- 02:00:04 - - Stats for 'eno4': pkts: 522044750, drop: 167649096 (32.11%), invalid chksum: 0
29/11/2019 -- 02:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed
29/11/2019 -- 02:00:09 - - Threshold config parsed: 0 rule(s) found
29/11/2019 -- 02:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only
29/11/2019 -- 02:00:28 - - Going to use 12 thread(s)
29/11/2019 -- 02:00:28 - - Running in live mode, activating unix socket
29/11/2019 -- 02:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
29/11/2019 -- 02:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started.
29/11/2019 -- 02:00:29 - - All AFP capture threads are running.
29/11/2019 -- 02:30:02 - - Signal Received. Stopping engine.
29/11/2019 -- 02:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode
29/11/2019 -- 02:30:02 - - CPUs/cores online: 12
29/11/2019 -- 02:30:02 - - eve-log output device (regular) initialized: eve.json
29/11/2019 -- 02:30:02 - - stats output device (regular) initialized: stats.log
29/11/2019 -- 02:30:02 - - Running in live mode, activating unix socket
29/11/2019 -- 02:30:03 - - time elapsed 1775.173s
29/11/2019 -- 02:30:05 - - Alerts: 0
29/11/2019 -- 02:30:06 - - cleaning up signature grouping structure...
complete 29/11/2019 -- 02:30:06 - - Stats for 'eno4': pkts: 561392351, drop: 179227648 (31.93%), invalid chksum: 0 29/11/2019 -- 02:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 02:30:11 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 02:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 02:30:30 - - Going to use 12 thread(s) 29/11/2019 -- 02:30:30 - - Running in live mode, activating unix socket 29/11/2019 -- 02:30:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 02:30:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 02:30:30 - - All AFP capture threads are running. 29/11/2019 -- 03:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 03:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 03:00:01 - - CPUs/cores online: 12 29/11/2019 -- 03:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 03:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 03:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 03:00:02 - - time elapsed 1772.126s 29/11/2019 -- 03:00:04 - - Alerts: 0 29/11/2019 -- 03:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 03:00:04 - - Stats for 'eno4': pkts: 543384191, drop: 144380548 (26.57%), invalid chksum: 0 29/11/2019 -- 03:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 03:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 03:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 03:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 03:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 03:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 03:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 03:00:29 - - All AFP capture threads are running. 29/11/2019 -- 03:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 03:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 03:30:01 - - CPUs/cores online: 12 29/11/2019 -- 03:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 03:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 03:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 03:30:02 - - time elapsed 1774.137s 29/11/2019 -- 03:30:04 - - Alerts: 0 29/11/2019 -- 03:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 03:30:05 - - Stats for 'eno4': pkts: 706417306, drop: 249543022 (35.33%), invalid chksum: 0 29/11/2019 -- 03:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 03:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 03:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 03:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 03:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 03:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 03:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 03:30:29 - - All AFP capture threads are running. 29/11/2019 -- 04:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 04:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 04:00:01 - - CPUs/cores online: 12 29/11/2019 -- 04:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 04:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 04:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 04:00:01 - - time elapsed 1772.959s 29/11/2019 -- 04:00:03 - - Alerts: 0 29/11/2019 -- 04:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 04:00:04 - - Stats for 'eno4': pkts: 633720593, drop: 179583900 (28.34%), invalid chksum: 0 29/11/2019 -- 04:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 04:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 04:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 04:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 04:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 04:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 04:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 04:00:28 - - All AFP capture threads are running. 29/11/2019 -- 04:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 04:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 04:30:01 - - CPUs/cores online: 12 29/11/2019 -- 04:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 04:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 04:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 04:30:02 - - time elapsed 1773.979s 29/11/2019 -- 04:30:04 - - Alerts: 0 29/11/2019 -- 04:30:04 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 04:30:04 - - Stats for 'eno4': pkts: 579213883, drop: 161265077 (27.84%), invalid chksum: 0 29/11/2019 -- 04:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 04:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 04:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 04:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 04:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 04:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 04:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 04:30:29 - - All AFP capture threads are running. 29/11/2019 -- 05:00:02 - - Signal Received. Stopping engine. 29/11/2019 -- 05:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 05:00:02 - - CPUs/cores online: 12 29/11/2019 -- 05:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 05:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 05:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 05:00:02 - - time elapsed 1773.682s 29/11/2019 -- 05:00:04 - - Alerts: 0 29/11/2019 -- 05:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 05:00:05 - - Stats for 'eno4': pkts: 544338959, drop: 150847203 (27.71%), invalid chksum: 0 29/11/2019 -- 05:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 05:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 05:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 05:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 05:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 05:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 05:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 05:00:29 - - All AFP capture threads are running. 29/11/2019 -- 05:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 05:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 05:30:01 - - CPUs/cores online: 12 29/11/2019 -- 05:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 05:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 05:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 05:30:02 - - time elapsed 1773.023s 29/11/2019 -- 05:30:03 - - Alerts: 0 29/11/2019 -- 05:30:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 05:30:04 - - Stats for 'eno4': pkts: 567515854, drop: 172545587 (30.40%), invalid chksum: 0 29/11/2019 -- 05:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 05:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 05:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 05:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 05:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 05:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 05:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 05:30:29 - - All AFP capture threads are running. 29/11/2019 -- 06:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 06:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 06:00:01 - - CPUs/cores online: 12 29/11/2019 -- 06:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 06:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 06:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 06:00:02 - - time elapsed 1773.958s 29/11/2019 -- 06:00:04 - - Alerts: 0 29/11/2019 -- 06:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 06:00:04 - - Stats for 'eno4': pkts: 531225105, drop: 184906489 (34.81%), invalid chksum: 0 29/11/2019 -- 06:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 06:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 06:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 06:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 06:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 06:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 06:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 06:00:29 - - All AFP capture threads are running. 29/11/2019 -- 06:30:02 - - Signal Received. Stopping engine. 29/11/2019 -- 06:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 06:30:02 - - CPUs/cores online: 12 29/11/2019 -- 06:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 06:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 06:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 06:30:02 - - time elapsed 1774.326s 29/11/2019 -- 06:30:04 - - Alerts: 0 29/11/2019 -- 06:30:05 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 06:30:05 - - Stats for 'eno4': pkts: 552604834, drop: 191081252 (34.58%), invalid chksum: 0 29/11/2019 -- 06:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 06:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 06:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 06:30:30 - - Going to use 12 thread(s) 29/11/2019 -- 06:30:30 - - Running in live mode, activating unix socket 29/11/2019 -- 06:30:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 06:30:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 06:30:31 - - All AFP capture threads are running. 29/11/2019 -- 07:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 07:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 07:00:01 - - CPUs/cores online: 12 29/11/2019 -- 07:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 07:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 07:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 07:00:02 - - time elapsed 1771.294s 29/11/2019 -- 07:00:03 - - Alerts: 0 29/11/2019 -- 07:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 07:00:04 - - Stats for 'eno4': pkts: 516950852, drop: 148334473 (28.69%), invalid chksum: 0 29/11/2019 -- 07:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 07:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 07:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 07:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 07:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 07:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 07:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 07:00:28 - - All AFP capture threads are running. 29/11/2019 -- 07:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 07:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 07:30:01 - - CPUs/cores online: 12 29/11/2019 -- 07:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 07:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 07:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 07:30:02 - - time elapsed 1774.244s 29/11/2019 -- 07:30:05 - - Alerts: 0 29/11/2019 -- 07:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 07:30:05 - - Stats for 'eno4': pkts: 501846673, drop: 126640259 (25.23%), invalid chksum: 5 29/11/2019 -- 07:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 07:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 07:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 07:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 07:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 07:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 07:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 07:30:29 - - All AFP capture threads are running. 29/11/2019 -- 08:00:02 - - Signal Received. 
Stopping engine. 29/11/2019 -- 08:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 08:00:02 - - CPUs/cores online: 12 29/11/2019 -- 08:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 08:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 08:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 08:00:02 - - time elapsed 1773.869s 29/11/2019 -- 08:00:04 - - Alerts: 0 29/11/2019 -- 08:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 08:00:05 - - Stats for 'eno4': pkts: 523119408, drop: 140985170 (26.95%), invalid chksum: 0 29/11/2019 -- 08:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 08:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 08:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 08:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 08:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 08:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 08:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 08:00:29 - - All AFP capture threads are running. 29/11/2019 -- 08:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 08:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 08:30:01 - - CPUs/cores online: 12 29/11/2019 -- 08:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 08:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 08:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 08:30:02 - - time elapsed 1773.059s 29/11/2019 -- 08:30:04 - - Alerts: 0 29/11/2019 -- 08:30:04 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 08:30:04 - - Stats for 'eno4': pkts: 567364629, drop: 151626565 (26.72%), invalid chksum: 0 29/11/2019 -- 08:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 08:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 08:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 08:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 08:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 08:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 08:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 08:30:29 - - All AFP capture threads are running. 29/11/2019 -- 09:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 09:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 09:00:01 - - CPUs/cores online: 12 29/11/2019 -- 09:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 09:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 09:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 09:00:02 - - time elapsed 1773.896s 29/11/2019 -- 09:00:05 - - Alerts: 0 29/11/2019 -- 09:00:06 - - cleaning up signature grouping structure... complete 29/11/2019 -- 09:00:06 - - Stats for 'eno4': pkts: 529291747, drop: 135894973 (25.67%), invalid chksum: 0 29/11/2019 -- 09:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 09:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 09:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 09:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 09:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 09:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 09:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 09:00:29 - - All AFP capture threads are running. 29/11/2019 -- 09:30:02 - - Signal Received. Stopping engine. 29/11/2019 -- 09:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 09:30:02 - - CPUs/cores online: 12 29/11/2019 -- 09:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 09:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 09:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 09:30:03 - - time elapsed 1774.149s 29/11/2019 -- 09:30:04 - - Alerts: 0 29/11/2019 -- 09:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 09:30:05 - - Stats for 'eno4': pkts: 532818960, drop: 141817214 (26.62%), invalid chksum: 0 29/11/2019 -- 09:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 09:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 09:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 09:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 09:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 09:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 09:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 09:30:29 - - All AFP capture threads are running. 29/11/2019 -- 10:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 10:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 10:00:01 - - CPUs/cores online: 12 29/11/2019 -- 10:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 10:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 10:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 10:00:02 - - time elapsed 1772.990s 29/11/2019 -- 10:00:04 - - Alerts: 0 29/11/2019 -- 10:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 10:00:04 - - Stats for 'eno4': pkts: 567188606, drop: 144358246 (25.45%), invalid chksum: 0 29/11/2019 -- 10:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 10:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 10:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 10:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 10:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 10:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 10:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 10:00:29 - - All AFP capture threads are running. 29/11/2019 -- 10:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 10:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 10:30:01 - - CPUs/cores online: 12 29/11/2019 -- 10:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 10:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 10:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 10:30:02 - - time elapsed 1773.970s 29/11/2019 -- 10:30:04 - - Alerts: 0 29/11/2019 -- 10:30:05 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 10:30:05 - - Stats for 'eno4': pkts: 576423537, drop: 157645420 (27.35%), invalid chksum: 0 29/11/2019 -- 10:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 10:30:11 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 10:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 10:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 10:30:30 - - Running in live mode, activating unix socket 29/11/2019 -- 10:30:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 10:30:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 10:30:30 - - All AFP capture threads are running. 29/11/2019 -- 11:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 11:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 11:00:01 - - CPUs/cores online: 12 29/11/2019 -- 11:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 11:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 11:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 11:00:02 - - time elapsed 1772.059s 29/11/2019 -- 11:00:03 - - Alerts: 0 29/11/2019 -- 11:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 11:00:04 - - Stats for 'eno4': pkts: 545477432, drop: 176798820 (32.41%), invalid chksum: 0 29/11/2019 -- 11:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 11:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 11:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 11:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 11:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 11:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 11:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 11:00:28 - - All AFP capture threads are running. 29/11/2019 -- 11:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 11:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 11:30:01 - - CPUs/cores online: 12 29/11/2019 -- 11:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 11:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 11:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 11:30:02 - - time elapsed 1774.319s 29/11/2019 -- 11:30:04 - - Alerts: 0 29/11/2019 -- 11:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 11:30:05 - - Stats for 'eno4': pkts: 554380266, drop: 146617897 (26.45%), invalid chksum: 0 29/11/2019 -- 11:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 11:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 11:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 11:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 11:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 11:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 11:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 11:30:29 - - All AFP capture threads are running. 29/11/2019 -- 12:00:02 - - Signal Received. 
Stopping engine. 29/11/2019 -- 12:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 12:00:02 - - CPUs/cores online: 12 29/11/2019 -- 12:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 12:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 12:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 12:00:03 - - time elapsed 1774.232s 29/11/2019 -- 12:00:05 - - Alerts: 0 29/11/2019 -- 12:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 12:00:05 - - Stats for 'eno4': pkts: 576057350, drop: 156985285 (27.25%), invalid chksum: 0 29/11/2019 -- 12:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 12:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 12:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 12:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 12:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 12:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 12:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 12:00:29 - - All AFP capture threads are running. 29/11/2019 -- 12:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 12:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 12:30:01 - - CPUs/cores online: 12 29/11/2019 -- 12:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 12:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 12:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 12:30:02 - - time elapsed 1772.935s 29/11/2019 -- 12:30:03 - - Alerts: 0 29/11/2019 -- 12:30:04 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 12:30:04 - - Stats for 'eno4': pkts: 600512207, drop: 155541010 (25.90%), invalid chksum: 0 29/11/2019 -- 12:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 12:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 12:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 12:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 12:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 12:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 12:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 12:30:28 - - All AFP capture threads are running. 29/11/2019 -- 13:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 13:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 13:00:01 - - CPUs/cores online: 12 29/11/2019 -- 13:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 13:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 13:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 13:00:02 - - time elapsed 1774.383s 29/11/2019 -- 13:00:05 - - Alerts: 0 29/11/2019 -- 13:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 13:00:05 - - Stats for 'eno4': pkts: 577407426, drop: 147661241 (25.57%), invalid chksum: 0 29/11/2019 -- 13:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 13:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 13:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 13:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 13:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 13:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 13:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 13:00:29 - - All AFP capture threads are running. 29/11/2019 -- 13:30:02 - - Signal Received. Stopping engine. 29/11/2019 -- 13:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 13:30:02 - - CPUs/cores online: 12 29/11/2019 -- 13:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 13:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 13:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 13:30:03 - - time elapsed 1774.270s 29/11/2019 -- 13:30:05 - - Alerts: 0 29/11/2019 -- 13:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 13:30:05 - - Stats for 'eno4': pkts: 558944167, drop: 148840463 (26.63%), invalid chksum: 0 29/11/2019 -- 13:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 13:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 13:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 13:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 13:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 13:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 13:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 13:30:29 - - All AFP capture threads are running. 29/11/2019 -- 14:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 14:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 14:00:01 - - CPUs/cores online: 12 29/11/2019 -- 14:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 14:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 14:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 14:00:02 - - time elapsed 1772.838s 29/11/2019 -- 14:00:04 - - Alerts: 0 29/11/2019 -- 14:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 14:00:04 - - Stats for 'eno4': pkts: 565321826, drop: 138121460 (24.43%), invalid chksum: 0 29/11/2019 -- 14:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 14:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 14:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 14:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 14:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 14:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 14:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 14:00:28 - - All AFP capture threads are running. 29/11/2019 -- 14:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 14:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 14:30:01 - - CPUs/cores online: 12 29/11/2019 -- 14:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 14:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 14:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 14:30:02 - - time elapsed 1774.260s 29/11/2019 -- 14:30:04 - - Alerts: 0 29/11/2019 -- 14:30:05 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 14:30:05 - - Stats for 'eno4': pkts: 576141539, drop: 145491081 (25.25%), invalid chksum: 0 29/11/2019 -- 14:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 14:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 14:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 14:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 14:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 14:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 14:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 14:30:29 - - All AFP capture threads are running. 29/11/2019 -- 15:00:02 - - Signal Received. Stopping engine. 29/11/2019 -- 15:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 15:00:02 - - CPUs/cores online: 12 29/11/2019 -- 15:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 15:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 15:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 15:00:03 - - time elapsed 1774.359s 29/11/2019 -- 15:00:05 - - Alerts: 0 29/11/2019 -- 15:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 15:00:05 - - Stats for 'eno4': pkts: 567796510, drop: 146796493 (25.85%), invalid chksum: 0 29/11/2019 -- 15:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 15:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 15:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 15:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 15:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 15:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 15:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 15:00:29 - - All AFP capture threads are running. 29/11/2019 -- 15:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 15:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 15:30:01 - - CPUs/cores online: 12 29/11/2019 -- 15:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 15:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 15:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 15:30:02 - - time elapsed 1772.771s 29/11/2019 -- 15:30:04 - - Alerts: 0 29/11/2019 -- 15:30:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 15:30:04 - - Stats for 'eno4': pkts: 578247827, drop: 148499247 (25.68%), invalid chksum: 0 29/11/2019 -- 15:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 15:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 15:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 15:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 15:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 15:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 15:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 15:30:28 - - All AFP capture threads are running. 29/11/2019 -- 16:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 16:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 16:00:01 - - CPUs/cores online: 12 29/11/2019 -- 16:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 16:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 16:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 16:00:02 - - time elapsed 1774.386s 29/11/2019 -- 16:00:05 - - Alerts: 0 29/11/2019 -- 16:00:06 - - cleaning up signature grouping structure... complete 29/11/2019 -- 16:00:06 - - Stats for 'eno4': pkts: 604747295, drop: 150049217 (24.81%), invalid chksum: 0 29/11/2019 -- 16:00:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 16:00:11 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 16:00:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 16:00:30 - - Going to use 12 thread(s) 29/11/2019 -- 16:00:30 - - Running in live mode, activating unix socket 29/11/2019 -- 16:00:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 16:00:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 16:00:30 - - All AFP capture threads are running. 29/11/2019 -- 16:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 16:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 16:30:01 - - CPUs/cores online: 12 29/11/2019 -- 16:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 16:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 16:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 16:30:02 - - time elapsed 1772.011s 29/11/2019 -- 16:30:04 - - Alerts: 0 29/11/2019 -- 16:30:04 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 16:30:04 - - Stats for 'eno4': pkts: 620164675, drop: 196000749 (31.60%), invalid chksum: 0 29/11/2019 -- 16:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 16:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 16:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 16:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 16:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 16:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 16:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 16:30:28 - - All AFP capture threads are running. 29/11/2019 -- 17:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 17:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 17:00:01 - - CPUs/cores online: 12 29/11/2019 -- 17:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 17:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 17:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 17:00:02 - - time elapsed 1773.868s 29/11/2019 -- 17:00:04 - - Alerts: 0 29/11/2019 -- 17:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 17:00:05 - - Stats for 'eno4': pkts: 595414208, drop: 148844166 (25.00%), invalid chksum: 0 29/11/2019 -- 17:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 17:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 17:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 17:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 17:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 17:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 17:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 17:00:29 - - All AFP capture threads are running. 29/11/2019 -- 17:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 17:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 17:30:01 - - CPUs/cores online: 12 29/11/2019 -- 17:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 17:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 17:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 17:30:03 - - time elapsed 1774.307s 29/11/2019 -- 17:30:05 - - Alerts: 0 29/11/2019 -- 17:30:06 - - cleaning up signature grouping structure... complete 29/11/2019 -- 17:30:06 - - Stats for 'eno4': pkts: 595508578, drop: 222690245 (37.39%), invalid chksum: 0 29/11/2019 -- 17:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 17:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 17:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 17:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 17:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 17:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 17:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 17:30:29 - - All AFP capture threads are running. 29/11/2019 -- 18:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 18:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 18:00:01 - - CPUs/cores online: 12 29/11/2019 -- 18:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 18:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 18:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 18:00:02 - - time elapsed 1773.025s 29/11/2019 -- 18:00:04 - - Alerts: 0 29/11/2019 -- 18:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 18:00:04 - - Stats for 'eno4': pkts: 605337136, drop: 182258913 (30.11%), invalid chksum: 0 29/11/2019 -- 18:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 18:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 18:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 18:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 18:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 18:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 18:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 18:00:29 - - All AFP capture threads are running. 29/11/2019 -- 18:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 18:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 18:30:01 - - CPUs/cores online: 12 29/11/2019 -- 18:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 18:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 18:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 18:30:02 - - time elapsed 1773.052s 29/11/2019 -- 18:30:04 - - Alerts: 0 29/11/2019 -- 18:30:05 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 18:30:05 - - Stats for 'eno4': pkts: 618594240, drop: 151525595 (24.50%), invalid chksum: 0 29/11/2019 -- 18:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 18:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 18:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 18:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 18:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 18:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 18:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 18:30:29 - - All AFP capture threads are running. 29/11/2019 -- 19:00:02 - - Signal Received. Stopping engine. 29/11/2019 -- 19:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 19:00:02 - - CPUs/cores online: 12 29/11/2019 -- 19:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 19:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 19:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 19:00:02 - - time elapsed 1773.685s 29/11/2019 -- 19:00:04 - - Alerts: 0 29/11/2019 -- 19:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 19:00:05 - - Stats for 'eno4': pkts: 582585087, drop: 150022427 (25.75%), invalid chksum: 0 29/11/2019 -- 19:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 19:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 19:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 19:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 19:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 19:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 19:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 19:00:30 - - All AFP capture threads are running. 29/11/2019 -- 19:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 19:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 19:30:01 - - CPUs/cores online: 12 29/11/2019 -- 19:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 19:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 19:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 19:30:02 - - time elapsed 1772.756s 29/11/2019 -- 19:30:04 - - Alerts: 0 29/11/2019 -- 19:30:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 19:30:05 - - Stats for 'eno4': pkts: 603801072, drop: 149590847 (24.77%), invalid chksum: 0 29/11/2019 -- 19:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 19:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 19:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 19:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 19:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 19:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 19:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 19:30:29 - - All AFP capture threads are running. 29/11/2019 -- 20:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 20:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 20:00:01 - - CPUs/cores online: 12 29/11/2019 -- 20:00:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 20:00:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 20:00:02 - - Running in live mode, activating unix socket 29/11/2019 -- 20:00:03 - - time elapsed 1774.194s 29/11/2019 -- 20:00:06 - - Alerts: 0 29/11/2019 -- 20:00:07 - - cleaning up signature grouping structure... complete 29/11/2019 -- 20:00:07 - - Stats for 'eno4': pkts: 636447760, drop: 198592974 (31.20%), invalid chksum: 0 29/11/2019 -- 20:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 20:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 20:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 20:00:29 - - Going to use 12 thread(s) 29/11/2019 -- 20:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 20:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 20:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 20:00:30 - - All AFP capture threads are running. 29/11/2019 -- 20:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 20:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 20:30:01 - - CPUs/cores online: 12 29/11/2019 -- 20:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 20:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 20:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 20:30:02 - - time elapsed 1772.435s 29/11/2019 -- 20:30:04 - - Alerts: 0 29/11/2019 -- 20:30:05 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 20:30:05 - - Stats for 'eno4': pkts: 600998944, drop: 147852259 (24.60%), invalid chksum: 0 29/11/2019 -- 20:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 20:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 20:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 20:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 20:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 20:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 20:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 20:30:29 - - All AFP capture threads are running. 29/11/2019 -- 21:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 21:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 21:00:01 - - CPUs/cores online: 12 29/11/2019 -- 21:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 21:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 21:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 21:00:02 - - time elapsed 1774.069s 29/11/2019 -- 21:00:04 - - Alerts: 0 29/11/2019 -- 21:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 21:00:05 - - Stats for 'eno4': pkts: 555249840, drop: 137254174 (24.72%), invalid chksum: 0 29/11/2019 -- 21:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 21:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 21:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 21:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 21:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 21:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 21:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 21:00:29 - - All AFP capture threads are running. 29/11/2019 -- 21:30:02 - - Signal Received. Stopping engine. 29/11/2019 -- 21:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 21:30:02 - - CPUs/cores online: 12 29/11/2019 -- 21:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 21:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 21:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 21:30:02 - - time elapsed 1774.171s 29/11/2019 -- 21:30:04 - - Alerts: 0 29/11/2019 -- 21:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 21:30:05 - - Stats for 'eno4': pkts: 576568599, drop: 158401761 (27.47%), invalid chksum: 0 29/11/2019 -- 21:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 21:30:11 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 21:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 21:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 21:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 21:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 21:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 21:30:30 - - All AFP capture threads are running. 29/11/2019 -- 22:00:01 - - Signal Received. 
Stopping engine. 29/11/2019 -- 22:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 22:00:01 - - CPUs/cores online: 12 29/11/2019 -- 22:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 22:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 22:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 22:00:02 - - time elapsed 1772.551s 29/11/2019 -- 22:00:04 - - Alerts: 0 29/11/2019 -- 22:00:04 - - cleaning up signature grouping structure... complete 29/11/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 564326285, drop: 141894680 (25.14%), invalid chksum: 0 29/11/2019 -- 22:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 22:00:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 22:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 22:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 22:00:29 - - Running in live mode, activating unix socket 29/11/2019 -- 22:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 22:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 22:00:29 - - All AFP capture threads are running. 29/11/2019 -- 22:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 22:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 22:30:01 - - CPUs/cores online: 12 29/11/2019 -- 22:30:02 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 22:30:02 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 22:30:02 - - Running in live mode, activating unix socket 29/11/2019 -- 22:30:02 - - time elapsed 1773.889s 29/11/2019 -- 22:30:05 - - Alerts: 0 29/11/2019 -- 22:30:06 - - cleaning up signature grouping structure... 
complete 29/11/2019 -- 22:30:06 - - Stats for 'eno4': pkts: 599332609, drop: 152941712 (25.52%), invalid chksum: 0 29/11/2019 -- 22:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 22:30:10 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 22:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 22:30:29 - - Going to use 12 thread(s) 29/11/2019 -- 22:30:29 - - Running in live mode, activating unix socket 29/11/2019 -- 22:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 22:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 22:30:29 - - All AFP capture threads are running. 29/11/2019 -- 23:00:01 - - Signal Received. Stopping engine. 29/11/2019 -- 23:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 23:00:01 - - CPUs/cores online: 12 29/11/2019 -- 23:00:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 23:00:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 23:00:01 - - Running in live mode, activating unix socket 29/11/2019 -- 23:00:02 - - time elapsed 1773.027s 29/11/2019 -- 23:00:04 - - Alerts: 0 29/11/2019 -- 23:00:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 23:00:05 - - Stats for 'eno4': pkts: 559381097, drop: 144281315 (25.79%), invalid chksum: 0 29/11/2019 -- 23:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 23:00:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 23:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 23:00:28 - - Going to use 12 thread(s) 29/11/2019 -- 23:00:28 - - Running in live mode, activating unix socket 29/11/2019 -- 23:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 23:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 23:00:29 - - All AFP capture threads are running. 29/11/2019 -- 23:30:01 - - Signal Received. Stopping engine. 29/11/2019 -- 23:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 29/11/2019 -- 23:30:01 - - CPUs/cores online: 12 29/11/2019 -- 23:30:01 - - eve-log output device (regular) initialized: eve.json 29/11/2019 -- 23:30:01 - - stats output device (regular) initialized: stats.log 29/11/2019 -- 23:30:01 - - Running in live mode, activating unix socket 29/11/2019 -- 23:30:02 - - time elapsed 1774.169s 29/11/2019 -- 23:30:05 - - Alerts: 0 29/11/2019 -- 23:30:05 - - cleaning up signature grouping structure... complete 29/11/2019 -- 23:30:05 - - Stats for 'eno4': pkts: 644903148, drop: 164368600 (25.49%), invalid chksum: 0 29/11/2019 -- 23:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 29/11/2019 -- 23:30:09 - - Threshold config parsed: 0 rule(s) found 29/11/2019 -- 23:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 29/11/2019 -- 23:30:28 - - Going to use 12 thread(s) 29/11/2019 -- 23:30:28 - - Running in live mode, activating unix socket 29/11/2019 -- 23:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 29/11/2019 -- 23:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 29/11/2019 -- 23:30:29 - - All AFP capture threads are running. 30/11/2019 -- 00:00:02 - - Signal Received. 
Stopping engine. 30/11/2019 -- 00:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 00:00:02 - - CPUs/cores online: 12 30/11/2019 -- 00:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 00:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 00:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 00:00:03 - - time elapsed 1774.304s 30/11/2019 -- 00:00:05 - - Alerts: 0 30/11/2019 -- 00:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 00:00:05 - - Stats for 'eno4': pkts: 585951406, drop: 149074226 (25.44%), invalid chksum: 0 30/11/2019 -- 00:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 00:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 00:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 00:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 00:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 00:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 00:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 00:00:29 - - All AFP capture threads are running. 30/11/2019 -- 00:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 00:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 00:30:01 - - CPUs/cores online: 12 30/11/2019 -- 00:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 00:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 00:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 00:30:02 - - time elapsed 1773.257s 30/11/2019 -- 00:30:05 - - Alerts: 0 30/11/2019 -- 00:30:06 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 00:30:06 - - Stats for 'eno4': pkts: 543827822, drop: 133559438 (24.56%), invalid chksum: 0 30/11/2019 -- 00:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 00:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 00:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 00:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 00:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 00:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 00:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 00:30:29 - - All AFP capture threads are running. 30/11/2019 -- 01:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 01:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 01:00:01 - - CPUs/cores online: 12 30/11/2019 -- 01:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 01:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 01:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 01:00:02 - - time elapsed 1773.829s 30/11/2019 -- 01:00:05 - - Alerts: 0 30/11/2019 -- 01:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 01:00:05 - - Stats for 'eno4': pkts: 516359811, drop: 159806879 (30.95%), invalid chksum: 0 30/11/2019 -- 01:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 01:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 01:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 01:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 01:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 01:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 01:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 01:00:29 - - All AFP capture threads are running. 30/11/2019 -- 01:30:02 - - Signal Received. Stopping engine. 30/11/2019 -- 01:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 01:30:02 - - CPUs/cores online: 12 30/11/2019 -- 01:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 01:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 01:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 01:30:02 - - time elapsed 1774.035s 30/11/2019 -- 01:30:05 - - Alerts: 0 30/11/2019 -- 01:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 01:30:05 - - Stats for 'eno4': pkts: 712289101, drop: 216323836 (30.37%), invalid chksum: 0 30/11/2019 -- 01:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 01:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 01:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 01:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 01:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 01:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 01:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 01:30:29 - - All AFP capture threads are running. 30/11/2019 -- 02:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 02:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 02:00:01 - - CPUs/cores online: 12 30/11/2019 -- 02:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 02:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 02:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 02:00:02 - - time elapsed 1773.162s 30/11/2019 -- 02:00:04 - - Alerts: 0 30/11/2019 -- 02:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 02:00:05 - - Stats for 'eno4': pkts: 562357889, drop: 182017300 (32.37%), invalid chksum: 0 30/11/2019 -- 02:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 02:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 02:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 02:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 02:00:30 - - Running in live mode, activating unix socket 30/11/2019 -- 02:00:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 02:00:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 02:00:30 - - All AFP capture threads are running. 30/11/2019 -- 02:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 02:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 02:30:01 - - CPUs/cores online: 12 30/11/2019 -- 02:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 02:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 02:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 02:30:02 - - time elapsed 1772.731s 30/11/2019 -- 02:30:04 - - Alerts: 0 30/11/2019 -- 02:30:05 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 02:30:05 - - Stats for 'eno4': pkts: 561009770, drop: 133036081 (23.71%), invalid chksum: 0 30/11/2019 -- 02:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 02:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 02:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 02:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 02:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 02:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 02:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 02:30:29 - - All AFP capture threads are running. 30/11/2019 -- 03:00:02 - - Signal Received. Stopping engine. 30/11/2019 -- 03:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 03:00:02 - - CPUs/cores online: 12 30/11/2019 -- 03:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 03:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 03:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 03:00:03 - - time elapsed 1774.148s 30/11/2019 -- 03:00:05 - - Alerts: 0 30/11/2019 -- 03:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 03:00:05 - - Stats for 'eno4': pkts: 549064029, drop: 140827316 (25.65%), invalid chksum: 0 30/11/2019 -- 03:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 03:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 03:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 03:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 03:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 03:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 03:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 03:00:30 - - All AFP capture threads are running. 30/11/2019 -- 03:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 03:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 03:30:01 - - CPUs/cores online: 12 30/11/2019 -- 03:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 03:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 03:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 03:30:02 - - time elapsed 1772.867s 30/11/2019 -- 03:30:04 - - Alerts: 0 30/11/2019 -- 03:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 03:30:05 - - Stats for 'eno4': pkts: 669930069, drop: 198428912 (29.62%), invalid chksum: 0 30/11/2019 -- 03:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 03:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 03:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 03:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 03:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 03:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 03:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 03:30:29 - - All AFP capture threads are running. 30/11/2019 -- 04:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 04:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 04:00:01 - - CPUs/cores online: 12 30/11/2019 -- 04:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 04:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 04:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 04:00:02 - - time elapsed 1774.065s 30/11/2019 -- 04:00:05 - - Alerts: 0 30/11/2019 -- 04:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 04:00:05 - - Stats for 'eno4': pkts: 566217335, drop: 149746103 (26.45%), invalid chksum: 0 30/11/2019 -- 04:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 04:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 04:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 04:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 04:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 04:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 04:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 04:00:29 - - All AFP capture threads are running. 30/11/2019 -- 04:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 04:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 04:30:01 - - CPUs/cores online: 12 30/11/2019 -- 04:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 04:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 04:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 04:30:02 - - time elapsed 1772.908s 30/11/2019 -- 04:30:04 - - Alerts: 0 30/11/2019 -- 04:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 04:30:04 - - Stats for 'eno4': pkts: 571989803, drop: 155114960 (27.12%), invalid chksum: 0 30/11/2019 -- 04:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 04:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 04:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 04:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 04:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 04:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 04:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 04:30:28 - - All AFP capture threads are running. 30/11/2019 -- 05:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 05:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 05:00:01 - - CPUs/cores online: 12 30/11/2019 -- 05:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 05:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 05:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 05:00:02 - - time elapsed 1774.228s 30/11/2019 -- 05:00:04 - - Alerts: 0 30/11/2019 -- 05:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 05:00:05 - - Stats for 'eno4': pkts: 549491834, drop: 149028578 (27.12%), invalid chksum: 0 30/11/2019 -- 05:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 05:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 05:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 05:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 05:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 05:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 05:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 05:00:29 - - All AFP capture threads are running. 30/11/2019 -- 05:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 05:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 05:30:02 - - CPUs/cores online: 12 30/11/2019 -- 05:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 05:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 05:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 05:30:03 - - time elapsed 1774.607s 30/11/2019 -- 05:30:05 - - Alerts: 0 30/11/2019 -- 05:30:06 - - cleaning up signature grouping structure... complete 30/11/2019 -- 05:30:06 - - Stats for 'eno4': pkts: 566118227, drop: 147467355 (26.05%), invalid chksum: 0 30/11/2019 -- 05:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 05:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 05:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 05:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 05:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 05:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 05:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 05:30:30 - - All AFP capture threads are running. 30/11/2019 -- 06:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 06:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 06:00:01 - - CPUs/cores online: 12 30/11/2019 -- 06:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 06:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 06:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 06:00:02 - - time elapsed 1772.716s 30/11/2019 -- 06:00:04 - - Alerts: 0 30/11/2019 -- 06:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 06:00:05 - - Stats for 'eno4': pkts: 518623111, drop: 147936597 (28.52%), invalid chksum: 0 30/11/2019 -- 06:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 06:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 06:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 06:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 06:00:28 - - Running in live mode, activating unix socket 30/11/2019 -- 06:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 06:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 06:00:29 - - All AFP capture threads are running. 30/11/2019 -- 06:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 06:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 06:30:01 - - CPUs/cores online: 12 30/11/2019 -- 06:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 06:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 06:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 06:30:03 - - time elapsed 1774.763s 30/11/2019 -- 06:30:05 - - Alerts: 0 30/11/2019 -- 06:30:06 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 06:30:06 - - Stats for 'eno4': pkts: 576960129, drop: 165830594 (28.74%), invalid chksum: 0 30/11/2019 -- 06:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 06:30:11 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 06:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 06:30:31 - - Going to use 12 thread(s) 30/11/2019 -- 06:30:31 - - Running in live mode, activating unix socket 30/11/2019 -- 06:30:31 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 06:30:31 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 06:30:32 - - All AFP capture threads are running. 30/11/2019 -- 07:00:02 - - Signal Received. Stopping engine. 30/11/2019 -- 07:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 07:00:02 - - CPUs/cores online: 12 30/11/2019 -- 07:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 07:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 07:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 07:00:03 - - time elapsed 1771.560s 30/11/2019 -- 07:00:05 - - Alerts: 0 30/11/2019 -- 07:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 07:00:05 - - Stats for 'eno4': pkts: 550183893, drop: 158794987 (28.86%), invalid chksum: 0 30/11/2019 -- 07:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 07:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 07:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 07:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 07:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 07:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 07:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 07:00:29 - - All AFP capture threads are running. 30/11/2019 -- 07:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 07:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 07:30:01 - - CPUs/cores online: 12 30/11/2019 -- 07:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 07:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 07:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 07:30:02 - - time elapsed 1773.316s 30/11/2019 -- 07:30:04 - - Alerts: 0 30/11/2019 -- 07:30:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 07:30:04 - - Stats for 'eno4': pkts: 544396039, drop: 140613281 (25.83%), invalid chksum: 0 30/11/2019 -- 07:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 07:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 07:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 07:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 07:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 07:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 07:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 07:30:29 - - All AFP capture threads are running. 30/11/2019 -- 08:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 08:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 08:00:01 - - CPUs/cores online: 12 30/11/2019 -- 08:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 08:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 08:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 08:00:02 - - time elapsed 1774.243s 30/11/2019 -- 08:00:05 - - Alerts: 0 30/11/2019 -- 08:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 08:00:05 - - Stats for 'eno4': pkts: 565980120, drop: 161809575 (28.59%), invalid chksum: 0 30/11/2019 -- 08:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 08:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 08:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 08:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 08:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 08:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 08:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 08:00:29 - - All AFP capture threads are running. 30/11/2019 -- 08:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 08:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 08:30:01 - - CPUs/cores online: 12 30/11/2019 -- 08:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 08:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 08:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 08:30:02 - - time elapsed 1772.983s 30/11/2019 -- 08:30:04 - - Alerts: 0 30/11/2019 -- 08:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 08:30:04 - - Stats for 'eno4': pkts: 553643532, drop: 147235779 (26.59%), invalid chksum: 0 30/11/2019 -- 08:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 08:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 08:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 08:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 08:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 08:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 08:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 08:30:29 - - All AFP capture threads are running. 30/11/2019 -- 09:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 09:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 09:00:01 - - CPUs/cores online: 12 30/11/2019 -- 09:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 09:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 09:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 09:00:02 - - time elapsed 1772.986s 30/11/2019 -- 09:00:04 - - Alerts: 0 30/11/2019 -- 09:00:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 09:00:04 - - Stats for 'eno4': pkts: 545892892, drop: 142298453 (26.07%), invalid chksum: 0 30/11/2019 -- 09:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 09:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 09:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 09:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 09:00:28 - - Running in live mode, activating unix socket 30/11/2019 -- 09:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 09:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 09:00:29 - - All AFP capture threads are running. 30/11/2019 -- 09:30:02 - - Signal Received. Stopping engine. 30/11/2019 -- 09:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 09:30:02 - - CPUs/cores online: 12 30/11/2019 -- 09:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 09:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 09:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 09:30:03 - - time elapsed 1774.613s 30/11/2019 -- 09:30:05 - - Alerts: 0 30/11/2019 -- 09:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 09:30:05 - - Stats for 'eno4': pkts: 534947897, drop: 136264613 (25.47%), invalid chksum: 0 30/11/2019 -- 09:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 09:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 09:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 09:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 09:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 09:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 09:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 09:30:29 - - All AFP capture threads are running. 30/11/2019 -- 10:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 10:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 10:00:01 - - CPUs/cores online: 12 30/11/2019 -- 10:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 10:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 10:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 10:00:02 - - time elapsed 1773.037s 30/11/2019 -- 10:00:04 - - Alerts: 0 30/11/2019 -- 10:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 10:00:05 - - Stats for 'eno4': pkts: 549701794, drop: 143576446 (26.12%), invalid chksum: 0 30/11/2019 -- 10:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 10:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 10:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 10:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 10:00:28 - - Running in live mode, activating unix socket 30/11/2019 -- 10:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 10:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 10:00:29 - - All AFP capture threads are running. 30/11/2019 -- 10:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 10:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 10:30:01 - - CPUs/cores online: 12 30/11/2019 -- 10:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 10:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 10:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 10:30:02 - - time elapsed 1774.445s 30/11/2019 -- 10:30:05 - - Alerts: 0 30/11/2019 -- 10:30:05 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 10:30:05 - - Stats for 'eno4': pkts: 558774650, drop: 155789925 (27.88%), invalid chksum: 0 30/11/2019 -- 10:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 10:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 10:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 10:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 10:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 10:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 10:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 10:30:29 - - All AFP capture threads are running. 30/11/2019 -- 11:00:02 - - Signal Received. Stopping engine. 30/11/2019 -- 11:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 11:00:02 - - CPUs/cores online: 12 30/11/2019 -- 11:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 11:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 11:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 11:00:03 - - time elapsed 1774.226s 30/11/2019 -- 11:00:05 - - Alerts: 0 30/11/2019 -- 11:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 11:00:05 - - Stats for 'eno4': pkts: 535543527, drop: 140476419 (26.23%), invalid chksum: 0 30/11/2019 -- 11:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 11:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 11:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 11:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 11:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 11:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 11:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 11:00:29 - - All AFP capture threads are running. 30/11/2019 -- 11:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 11:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 11:30:01 - - CPUs/cores online: 12 30/11/2019 -- 11:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 11:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 11:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 11:30:02 - - time elapsed 1773.196s 30/11/2019 -- 11:30:04 - - Alerts: 0 30/11/2019 -- 11:30:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 11:30:04 - - Stats for 'eno4': pkts: 535613379, drop: 140544737 (26.24%), invalid chksum: 0 30/11/2019 -- 11:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 11:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 11:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 11:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 11:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 11:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 11:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 11:30:29 - - All AFP capture threads are running. 30/11/2019 -- 12:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 12:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 12:00:01 - - CPUs/cores online: 12 30/11/2019 -- 12:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 12:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 12:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 12:00:02 - - time elapsed 1774.009s 30/11/2019 -- 12:00:04 - - Alerts: 0 30/11/2019 -- 12:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 12:00:05 - - Stats for 'eno4': pkts: 527837301, drop: 136675164 (25.89%), invalid chksum: 0 30/11/2019 -- 12:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 12:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 12:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 12:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 12:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 12:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 12:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 12:00:29 - - All AFP capture threads are running. 30/11/2019 -- 12:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 12:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 12:30:01 - - CPUs/cores online: 12 30/11/2019 -- 12:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 12:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 12:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 12:30:02 - - time elapsed 1772.880s 30/11/2019 -- 12:30:04 - - Alerts: 0 30/11/2019 -- 12:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 12:30:04 - - Stats for 'eno4': pkts: 514600734, drop: 136680335 (26.56%), invalid chksum: 0 30/11/2019 -- 12:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 12:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 12:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 12:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 12:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 12:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 12:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 12:30:28 - - All AFP capture threads are running. 30/11/2019 -- 13:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 13:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 13:00:01 - - CPUs/cores online: 12 30/11/2019 -- 13:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 13:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 13:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 13:00:02 - - time elapsed 1774.359s 30/11/2019 -- 13:00:04 - - Alerts: 0 30/11/2019 -- 13:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 13:00:05 - - Stats for 'eno4': pkts: 505819034, drop: 137543942 (27.19%), invalid chksum: 0 30/11/2019 -- 13:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 13:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 13:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 13:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 13:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 13:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 13:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 13:00:29 - - All AFP capture threads are running. 30/11/2019 -- 13:30:02 - - Signal Received. Stopping engine. 30/11/2019 -- 13:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 13:30:02 - - CPUs/cores online: 12 30/11/2019 -- 13:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 13:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 13:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 13:30:02 - - time elapsed 1774.050s 30/11/2019 -- 13:30:04 - - Alerts: 0 30/11/2019 -- 13:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 13:30:05 - - Stats for 'eno4': pkts: 514901482, drop: 151269843 (29.38%), invalid chksum: 0 30/11/2019 -- 13:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 13:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 13:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 13:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 13:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 13:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 13:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 13:30:30 - - All AFP capture threads are running. 30/11/2019 -- 14:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 14:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 14:00:01 - - CPUs/cores online: 12 30/11/2019 -- 14:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 14:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 14:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 14:00:02 - - time elapsed 1772.736s 30/11/2019 -- 14:00:04 - - Alerts: 0 30/11/2019 -- 14:00:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 14:00:04 - - Stats for 'eno4': pkts: 493287027, drop: 142408498 (28.87%), invalid chksum: 0 30/11/2019 -- 14:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 14:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 14:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 14:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 14:00:28 - - Running in live mode, activating unix socket 30/11/2019 -- 14:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 14:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 14:00:29 - - All AFP capture threads are running. 30/11/2019 -- 14:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 14:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 14:30:01 - - CPUs/cores online: 12 30/11/2019 -- 14:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 14:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 14:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 14:30:02 - - time elapsed 1773.956s 30/11/2019 -- 14:30:04 - - Alerts: 0 30/11/2019 -- 14:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 14:30:04 - - Stats for 'eno4': pkts: 534721637, drop: 181009971 (33.85%), invalid chksum: 0 30/11/2019 -- 14:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 14:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 14:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 14:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 14:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 14:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 14:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 14:30:29 - - All AFP capture threads are running. 30/11/2019 -- 15:00:02 - - Signal Received. Stopping engine. 30/11/2019 -- 15:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 15:00:02 - - CPUs/cores online: 12 30/11/2019 -- 15:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 15:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 15:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 15:00:02 - - time elapsed 1774.306s 30/11/2019 -- 15:00:04 - - Alerts: 0 30/11/2019 -- 15:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 15:00:05 - - Stats for 'eno4': pkts: 517925842, drop: 135227800 (26.11%), invalid chksum: 0 30/11/2019 -- 15:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 15:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 15:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 15:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 15:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 15:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 15:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 15:00:29 - - All AFP capture threads are running. 30/11/2019 -- 15:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 15:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 15:30:01 - - CPUs/cores online: 12 30/11/2019 -- 15:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 15:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 15:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 15:30:02 - - time elapsed 1773.365s 30/11/2019 -- 15:30:04 - - Alerts: 0 30/11/2019 -- 15:30:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 15:30:04 - - Stats for 'eno4': pkts: 563216912, drop: 149026485 (26.46%), invalid chksum: 0 30/11/2019 -- 15:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 15:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 15:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 15:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 15:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 15:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 15:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 15:30:28 - - All AFP capture threads are running. 30/11/2019 -- 16:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 16:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 16:00:01 - - CPUs/cores online: 12 30/11/2019 -- 16:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 16:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 16:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 16:00:02 - - time elapsed 1774.114s 30/11/2019 -- 16:00:04 - - Alerts: 0 30/11/2019 -- 16:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 16:00:05 - - Stats for 'eno4': pkts: 581986293, drop: 151841157 (26.09%), invalid chksum: 0 30/11/2019 -- 16:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 16:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 16:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 16:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 16:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 16:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 16:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 16:00:30 - - All AFP capture threads are running. 30/11/2019 -- 16:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 16:30:02 - - CPUs/cores online: 12 30/11/2019 -- 16:30:02 - - Signal Received. Stopping engine. 30/11/2019 -- 16:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 16:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 16:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 16:30:03 - - time elapsed 1773.864s 30/11/2019 -- 16:30:05 - - Alerts: 0 30/11/2019 -- 16:30:05 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 16:30:05 - - Stats for 'eno4': pkts: 580332032, drop: 150905322 (26.00%), invalid chksum: 0 30/11/2019 -- 16:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 16:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 16:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 16:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 16:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 16:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 16:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 16:30:29 - - All AFP capture threads are running. 30/11/2019 -- 17:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 17:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 17:00:01 - - CPUs/cores online: 12 30/11/2019 -- 17:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 17:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 17:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 17:00:02 - - time elapsed 1773.145s 30/11/2019 -- 17:00:04 - - Alerts: 0 30/11/2019 -- 17:00:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 17:00:05 - - Stats for 'eno4': pkts: 542748161, drop: 159262549 (29.34%), invalid chksum: 0 30/11/2019 -- 17:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 17:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 17:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 17:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 17:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 17:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 17:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 17:00:30 - - All AFP capture threads are running. 30/11/2019 -- 17:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 17:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 17:30:01 - - CPUs/cores online: 12 30/11/2019 -- 17:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 17:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 17:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 17:30:02 - - time elapsed 1773.290s 30/11/2019 -- 17:30:04 - - Alerts: 0 30/11/2019 -- 17:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 17:30:05 - - Stats for 'eno4': pkts: 573702471, drop: 147706533 (25.75%), invalid chksum: 0 30/11/2019 -- 17:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 17:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 17:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 17:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 17:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 17:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 17:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 17:30:29 - - All AFP capture threads are running. 30/11/2019 -- 18:00:02 - - Signal Received. 
Stopping engine. 30/11/2019 -- 18:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 18:00:02 - - CPUs/cores online: 12 30/11/2019 -- 18:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 18:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 18:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 18:00:03 - - time elapsed 1773.754s 30/11/2019 -- 18:00:04 - - Alerts: 0 30/11/2019 -- 18:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 18:00:05 - - Stats for 'eno4': pkts: 557448941, drop: 188537663 (33.82%), invalid chksum: 0 30/11/2019 -- 18:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 18:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 18:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 18:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 18:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 18:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 18:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 18:00:29 - - All AFP capture threads are running. 30/11/2019 -- 18:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 18:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 18:30:01 - - CPUs/cores online: 12 30/11/2019 -- 18:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 18:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 18:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 18:30:02 - - time elapsed 1773.332s 30/11/2019 -- 18:30:04 - - Alerts: 0 30/11/2019 -- 18:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 18:30:04 - - Stats for 'eno4': pkts: 573530167, drop: 147775487 (25.77%), invalid chksum: 0 30/11/2019 -- 18:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 18:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 18:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 18:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 18:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 18:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 18:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 18:30:29 - - All AFP capture threads are running. 30/11/2019 -- 19:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 19:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 19:00:01 - - CPUs/cores online: 12 30/11/2019 -- 19:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 19:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 19:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 19:00:02 - - time elapsed 1774.316s 30/11/2019 -- 19:00:04 - - Alerts: 0 30/11/2019 -- 19:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 19:00:05 - - Stats for 'eno4': pkts: 534035012, drop: 148016257 (27.72%), invalid chksum: 0 30/11/2019 -- 19:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 19:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 19:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 19:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 19:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 19:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 19:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 19:00:29 - - All AFP capture threads are running. 30/11/2019 -- 19:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 19:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 19:30:01 - - CPUs/cores online: 12 30/11/2019 -- 19:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 19:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 19:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 19:30:01 - - time elapsed 1772.987s 30/11/2019 -- 19:30:03 - - Alerts: 0 30/11/2019 -- 19:30:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 19:30:04 - - Stats for 'eno4': pkts: 520856312, drop: 132060117 (25.35%), invalid chksum: 0 30/11/2019 -- 19:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 19:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 19:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 19:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 19:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 19:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 19:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 19:30:28 - - All AFP capture threads are running. 30/11/2019 -- 20:00:01 - - Signal Received. 
Stopping engine. 30/11/2019 -- 20:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 20:00:01 - - CPUs/cores online: 12 30/11/2019 -- 20:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 20:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 20:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 20:00:02 - - time elapsed 1774.363s 30/11/2019 -- 20:00:04 - - Alerts: 0 30/11/2019 -- 20:00:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 20:00:04 - - Stats for 'eno4': pkts: 521187442, drop: 130379059 (25.02%), invalid chksum: 0 30/11/2019 -- 20:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 20:00:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 20:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 20:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 20:00:28 - - Running in live mode, activating unix socket 30/11/2019 -- 20:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 20:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 20:00:29 - - All AFP capture threads are running. 30/11/2019 -- 20:30:02 - - Signal Received. Stopping engine. 30/11/2019 -- 20:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 20:30:02 - - CPUs/cores online: 12 30/11/2019 -- 20:30:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 20:30:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 20:30:02 - - Running in live mode, activating unix socket 30/11/2019 -- 20:30:02 - - time elapsed 1774.255s 30/11/2019 -- 20:30:04 - - Alerts: 0 30/11/2019 -- 20:30:05 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 20:30:05 - - Stats for 'eno4': pkts: 524336220, drop: 135214390 (25.79%), invalid chksum: 0 30/11/2019 -- 20:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 20:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 20:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 20:30:29 - - Going to use 12 thread(s) 30/11/2019 -- 20:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 20:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 20:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 20:30:29 - - All AFP capture threads are running. 30/11/2019 -- 21:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 21:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 21:00:01 - - CPUs/cores online: 12 30/11/2019 -- 21:00:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 21:00:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 21:00:01 - - Running in live mode, activating unix socket 30/11/2019 -- 21:00:02 - - time elapsed 1772.806s 30/11/2019 -- 21:00:04 - - Alerts: 0 30/11/2019 -- 21:00:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 21:00:04 - - Stats for 'eno4': pkts: 510306727, drop: 124861505 (24.47%), invalid chksum: 0 30/11/2019 -- 21:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 21:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 21:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 21:00:28 - - Going to use 12 thread(s) 30/11/2019 -- 21:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 21:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 21:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 21:00:29 - - All AFP capture threads are running. 30/11/2019 -- 21:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 21:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 21:30:01 - - CPUs/cores online: 12 30/11/2019 -- 21:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 21:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 21:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 21:30:02 - - time elapsed 1773.844s 30/11/2019 -- 21:30:04 - - Alerts: 0 30/11/2019 -- 21:30:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 21:30:05 - - Stats for 'eno4': pkts: 523024606, drop: 150304926 (28.74%), invalid chksum: 0 30/11/2019 -- 21:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 21:30:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 21:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 21:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 21:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 21:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 21:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 21:30:29 - - All AFP capture threads are running. 30/11/2019 -- 22:00:02 - - Signal Received. 
Stopping engine. 30/11/2019 -- 22:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 22:00:02 - - CPUs/cores online: 12 30/11/2019 -- 22:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 22:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 22:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 22:00:03 - - time elapsed 1774.147s 30/11/2019 -- 22:00:05 - - Alerts: 0 30/11/2019 -- 22:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 22:00:05 - - Stats for 'eno4': pkts: 515971070, drop: 138409082 (26.82%), invalid chksum: 0 30/11/2019 -- 22:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 22:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 22:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 22:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 22:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 22:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 22:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 22:00:30 - - All AFP capture threads are running. 30/11/2019 -- 22:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 22:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 22:30:01 - - CPUs/cores online: 12 30/11/2019 -- 22:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 22:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 22:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 22:30:02 - - time elapsed 1772.754s 30/11/2019 -- 22:30:04 - - Alerts: 0 30/11/2019 -- 22:30:04 - - cleaning up signature grouping structure... 
complete 30/11/2019 -- 22:30:04 - - Stats for 'eno4': pkts: 526111097, drop: 164283366 (31.23%), invalid chksum: 0 30/11/2019 -- 22:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 22:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 22:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 22:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 22:30:29 - - Running in live mode, activating unix socket 30/11/2019 -- 22:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 22:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 22:30:29 - - All AFP capture threads are running. 30/11/2019 -- 23:00:01 - - Signal Received. Stopping engine. 30/11/2019 -- 23:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 23:00:01 - - CPUs/cores online: 12 30/11/2019 -- 23:00:02 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 23:00:02 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 23:00:02 - - Running in live mode, activating unix socket 30/11/2019 -- 23:00:02 - - time elapsed 1773.952s 30/11/2019 -- 23:00:04 - - Alerts: 0 30/11/2019 -- 23:00:05 - - cleaning up signature grouping structure... complete 30/11/2019 -- 23:00:05 - - Stats for 'eno4': pkts: 528276591, drop: 134470470 (25.45%), invalid chksum: 0 30/11/2019 -- 23:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 23:00:10 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 23:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 23:00:29 - - Going to use 12 thread(s) 30/11/2019 -- 23:00:29 - - Running in live mode, activating unix socket 30/11/2019 -- 23:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 23:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 23:00:30 - - All AFP capture threads are running. 30/11/2019 -- 23:30:01 - - Signal Received. Stopping engine. 30/11/2019 -- 23:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 30/11/2019 -- 23:30:01 - - CPUs/cores online: 12 30/11/2019 -- 23:30:01 - - eve-log output device (regular) initialized: eve.json 30/11/2019 -- 23:30:01 - - stats output device (regular) initialized: stats.log 30/11/2019 -- 23:30:01 - - Running in live mode, activating unix socket 30/11/2019 -- 23:30:02 - - time elapsed 1772.471s 30/11/2019 -- 23:30:04 - - Alerts: 0 30/11/2019 -- 23:30:04 - - cleaning up signature grouping structure... complete 30/11/2019 -- 23:30:04 - - Stats for 'eno4': pkts: 629615100, drop: 206496047 (32.80%), invalid chksum: 0 30/11/2019 -- 23:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 30/11/2019 -- 23:30:09 - - Threshold config parsed: 0 rule(s) found 30/11/2019 -- 23:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 30/11/2019 -- 23:30:28 - - Going to use 12 thread(s) 30/11/2019 -- 23:30:28 - - Running in live mode, activating unix socket 30/11/2019 -- 23:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 30/11/2019 -- 23:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 30/11/2019 -- 23:30:29 - - All AFP capture threads are running. 1/12/2019 -- 00:00:01 - - Signal Received. 
Stopping engine. 1/12/2019 -- 00:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 00:00:01 - - CPUs/cores online: 12 1/12/2019 -- 00:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 00:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 00:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 00:00:02 - - time elapsed 1773.962s 1/12/2019 -- 00:00:04 - - Alerts: 0 1/12/2019 -- 00:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 00:00:04 - - Stats for 'eno4': pkts: 539631890, drop: 144038549 (26.69%), invalid chksum: 0 1/12/2019 -- 00:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 00:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 00:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 00:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 00:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 00:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 00:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 00:00:29 - - All AFP capture threads are running. 1/12/2019 -- 00:30:02 - - Signal Received. Stopping engine. 1/12/2019 -- 00:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 00:30:02 - - CPUs/cores online: 12 1/12/2019 -- 00:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 00:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 00:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 00:30:02 - - time elapsed 1773.598s 1/12/2019 -- 00:30:05 - - Alerts: 0 1/12/2019 -- 00:30:06 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 00:30:06 - - Stats for 'eno4': pkts: 539188618, drop: 135520176 (25.13%), invalid chksum: 0 1/12/2019 -- 00:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 00:30:11 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 00:30:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 00:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 00:30:30 - - Running in live mode, activating unix socket 1/12/2019 -- 00:30:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 00:30:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 00:30:30 - - All AFP capture threads are running. 1/12/2019 -- 01:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 01:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 01:00:01 - - CPUs/cores online: 12 1/12/2019 -- 01:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 01:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 01:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 01:00:02 - - time elapsed 1772.158s 1/12/2019 -- 01:00:03 - - Alerts: 0 1/12/2019 -- 01:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 01:00:04 - - Stats for 'eno4': pkts: 505713372, drop: 117497428 (23.23%), invalid chksum: 0 1/12/2019 -- 01:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 01:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 01:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 01:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 01:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 01:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 01:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 01:00:28 - - All AFP capture threads are running. 1/12/2019 -- 01:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 01:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 01:30:01 - - CPUs/cores online: 12 1/12/2019 -- 01:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 01:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 01:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 01:30:02 - - time elapsed 1774.229s 1/12/2019 -- 01:30:04 - - Alerts: 0 1/12/2019 -- 01:30:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 01:30:05 - - Stats for 'eno4': pkts: 575913963, drop: 148911597 (25.86%), invalid chksum: 0 1/12/2019 -- 01:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 01:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 01:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 01:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 01:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 01:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 01:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 01:30:29 - - All AFP capture threads are running. 1/12/2019 -- 02:00:02 - - Signal Received. Stopping engine. 
1/12/2019 -- 02:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 02:00:02 - - CPUs/cores online: 12 1/12/2019 -- 02:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 02:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 02:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 02:00:02 - - time elapsed 1773.836s 1/12/2019 -- 02:00:04 - - Alerts: 0 1/12/2019 -- 02:00:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 02:00:05 - - Stats for 'eno4': pkts: 584259043, drop: 147332964 (25.22%), invalid chksum: 0 1/12/2019 -- 02:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 02:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 02:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 02:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 02:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 02:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 02:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 02:00:29 - - All AFP capture threads are running. 1/12/2019 -- 02:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 02:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 02:30:01 - - CPUs/cores online: 12 1/12/2019 -- 02:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 02:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 02:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 02:30:02 - - time elapsed 1772.957s 1/12/2019 -- 02:30:04 - - Alerts: 0 1/12/2019 -- 02:30:04 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 02:30:04 - - Stats for 'eno4': pkts: 568739284, drop: 145440257 (25.57%), invalid chksum: 1 1/12/2019 -- 02:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 02:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 02:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 02:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 02:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 02:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 02:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 02:30:29 - - All AFP capture threads are running. 1/12/2019 -- 03:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 03:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 03:00:01 - - CPUs/cores online: 12 1/12/2019 -- 03:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 03:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 03:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 03:00:02 - - time elapsed 1773.884s 1/12/2019 -- 03:00:04 - - Alerts: 0 1/12/2019 -- 03:00:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 03:00:05 - - Stats for 'eno4': pkts: 550176423, drop: 143576752 (26.10%), invalid chksum: 0 1/12/2019 -- 03:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 03:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 03:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 03:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 03:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 03:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 03:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 03:00:29 - - All AFP capture threads are running. 1/12/2019 -- 03:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 03:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 03:30:01 - - CPUs/cores online: 12 1/12/2019 -- 03:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 03:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 03:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 03:30:02 - - time elapsed 1773.365s 1/12/2019 -- 03:30:04 - - Alerts: 0 1/12/2019 -- 03:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 03:30:04 - - Stats for 'eno4': pkts: 689478913, drop: 222700714 (32.30%), invalid chksum: 0 1/12/2019 -- 03:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 03:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 03:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 03:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 03:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 03:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 03:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 03:30:29 - - All AFP capture threads are running. 1/12/2019 -- 04:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 04:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 04:00:01 - - CPUs/cores online: 12 1/12/2019 -- 04:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 04:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 04:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 04:00:02 - - time elapsed 1773.583s 1/12/2019 -- 04:00:04 - - Alerts: 0 1/12/2019 -- 04:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 04:00:04 - - Stats for 'eno4': pkts: 537601106, drop: 135825866 (25.27%), invalid chksum: 0 1/12/2019 -- 04:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 04:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 04:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 04:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 04:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 04:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 04:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 04:00:29 - - All AFP capture threads are running. 1/12/2019 -- 04:30:02 - - Signal Received. Stopping engine. 1/12/2019 -- 04:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 04:30:02 - - CPUs/cores online: 12 1/12/2019 -- 04:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 04:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 04:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 04:30:02 - - time elapsed 1774.077s 1/12/2019 -- 04:30:04 - - Alerts: 0 1/12/2019 -- 04:30:05 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 04:30:05 - - Stats for 'eno4': pkts: 637056000, drop: 218578221 (34.31%), invalid chksum: 0 1/12/2019 -- 04:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 04:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 04:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 04:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 04:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 04:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 04:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 04:30:29 - - All AFP capture threads are running. 1/12/2019 -- 05:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 05:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 05:00:01 - - CPUs/cores online: 12 1/12/2019 -- 05:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 05:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 05:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 05:00:02 - - time elapsed 1772.780s 1/12/2019 -- 05:00:03 - - Alerts: 0 1/12/2019 -- 05:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 05:00:04 - - Stats for 'eno4': pkts: 558797309, drop: 134659516 (24.10%), invalid chksum: 0 1/12/2019 -- 05:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 05:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 05:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 05:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 05:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 05:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 05:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 05:00:28 - - All AFP capture threads are running. 1/12/2019 -- 05:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 05:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 05:30:01 - - CPUs/cores online: 12 1/12/2019 -- 05:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 05:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 05:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 05:30:02 - - time elapsed 1774.126s 1/12/2019 -- 05:30:04 - - Alerts: 0 1/12/2019 -- 05:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 05:30:04 - - Stats for 'eno4': pkts: 583686062, drop: 207317301 (35.52%), invalid chksum: 0 1/12/2019 -- 05:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 05:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 05:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 05:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 05:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 05:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 05:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 05:30:29 - - All AFP capture threads are running. 1/12/2019 -- 06:00:02 - - Signal Received. Stopping engine. 
1/12/2019 -- 06:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 06:00:02 - - CPUs/cores online: 12 1/12/2019 -- 06:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 06:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 06:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 06:00:03 - - time elapsed 1774.520s 1/12/2019 -- 06:00:05 - - Alerts: 0 1/12/2019 -- 06:00:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 06:00:05 - - Stats for 'eno4': pkts: 550140145, drop: 149669838 (27.21%), invalid chksum: 0 1/12/2019 -- 06:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 06:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 06:00:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 06:00:30 - - Going to use 12 thread(s) 1/12/2019 -- 06:00:30 - - Running in live mode, activating unix socket 1/12/2019 -- 06:00:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 06:00:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 06:00:30 - - All AFP capture threads are running. 1/12/2019 -- 06:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 06:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 06:30:01 - - CPUs/cores online: 12 1/12/2019 -- 06:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 06:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 06:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 06:30:02 - - time elapsed 1772.747s 1/12/2019 -- 06:30:04 - - Alerts: 0 1/12/2019 -- 06:30:05 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 06:30:05 - - Stats for 'eno4': pkts: 609022056, drop: 148429480 (24.37%), invalid chksum: 0 1/12/2019 -- 06:30:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 06:30:12 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 06:30:12 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 06:30:32 - - Going to use 12 thread(s) 1/12/2019 -- 06:30:32 - - Running in live mode, activating unix socket 1/12/2019 -- 06:30:32 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 06:30:32 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 06:30:32 - - All AFP capture threads are running. 1/12/2019 -- 07:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 07:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 07:00:01 - - CPUs/cores online: 12 1/12/2019 -- 07:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 07:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 07:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 07:00:02 - - time elapsed 1769.873s 1/12/2019 -- 07:00:04 - - Alerts: 0 1/12/2019 -- 07:00:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 07:00:05 - - Stats for 'eno4': pkts: 577239402, drop: 184376843 (31.94%), invalid chksum: 0 1/12/2019 -- 07:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 07:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 07:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 07:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 07:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 07:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 07:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 07:00:29 - - All AFP capture threads are running. 1/12/2019 -- 07:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 07:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 07:30:01 - - CPUs/cores online: 12 1/12/2019 -- 07:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 07:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 07:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 07:30:02 - - time elapsed 1774.156s 1/12/2019 -- 07:30:04 - - Alerts: 0 1/12/2019 -- 07:30:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 07:30:05 - - Stats for 'eno4': pkts: 573973318, drop: 150447377 (26.21%), invalid chksum: 0 1/12/2019 -- 07:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 07:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 07:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 07:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 07:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 07:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 07:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 07:30:29 - - All AFP capture threads are running. 1/12/2019 -- 08:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 08:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 08:00:01 - - CPUs/cores online: 12 1/12/2019 -- 08:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 08:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 08:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 08:00:01 - - time elapsed 1772.867s 1/12/2019 -- 08:00:03 - - Alerts: 0 1/12/2019 -- 08:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 08:00:04 - - Stats for 'eno4': pkts: 619184684, drop: 206062325 (33.28%), invalid chksum: 0 1/12/2019 -- 08:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 08:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 08:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 08:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 08:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 08:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 08:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 08:00:28 - - All AFP capture threads are running. 1/12/2019 -- 08:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 08:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 08:30:01 - - CPUs/cores online: 12 1/12/2019 -- 08:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 08:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 08:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 08:30:02 - - time elapsed 1774.287s 1/12/2019 -- 08:30:04 - - Alerts: 0 1/12/2019 -- 08:30:05 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 08:30:05 - - Stats for 'eno4': pkts: 605330229, drop: 148946099 (24.61%), invalid chksum: 0 1/12/2019 -- 08:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 08:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 08:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 08:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 08:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 08:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 08:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 08:30:29 - - All AFP capture threads are running. 1/12/2019 -- 09:00:02 - - Signal Received. Stopping engine. 1/12/2019 -- 09:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 09:00:02 - - CPUs/cores online: 12 1/12/2019 -- 09:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 09:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 09:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 09:00:02 - - time elapsed 1774.166s 1/12/2019 -- 09:00:05 - - Alerts: 0 1/12/2019 -- 09:00:06 - - cleaning up signature grouping structure... complete 1/12/2019 -- 09:00:06 - - Stats for 'eno4': pkts: 606756646, drop: 153305703 (25.27%), invalid chksum: 0 1/12/2019 -- 09:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 09:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 09:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 09:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 09:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 09:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 09:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 09:00:29 - - All AFP capture threads are running. 1/12/2019 -- 09:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 09:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 09:30:01 - - CPUs/cores online: 12 1/12/2019 -- 09:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 09:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 09:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 09:30:02 - - time elapsed 1772.828s 1/12/2019 -- 09:30:04 - - Alerts: 0 1/12/2019 -- 09:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 09:30:04 - - Stats for 'eno4': pkts: 643501026, drop: 170016732 (26.42%), invalid chksum: 0 1/12/2019 -- 09:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 09:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 09:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 09:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 09:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 09:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 09:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 09:30:28 - - All AFP capture threads are running. 1/12/2019 -- 10:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 10:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 10:00:01 - - CPUs/cores online: 12 1/12/2019 -- 10:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 10:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 10:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 10:00:02 - - time elapsed 1773.814s 1/12/2019 -- 10:00:04 - - Alerts: 0 1/12/2019 -- 10:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 10:00:04 - - Stats for 'eno4': pkts: 632890254, drop: 171082304 (27.03%), invalid chksum: 0 1/12/2019 -- 10:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 10:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 10:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 10:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 10:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 10:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 10:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 10:00:29 - - All AFP capture threads are running. 1/12/2019 -- 10:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 10:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 10:30:01 - - CPUs/cores online: 12 1/12/2019 -- 10:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 10:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 10:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 10:30:01 - - time elapsed 1773.170s 1/12/2019 -- 10:30:04 - - Alerts: 0 1/12/2019 -- 10:30:04 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 10:30:04 - - Stats for 'eno4': pkts: 618637753, drop: 147839443 (23.90%), invalid chksum: 0 1/12/2019 -- 10:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 10:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 10:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 10:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 10:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 10:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 10:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 10:30:28 - - All AFP capture threads are running. 1/12/2019 -- 11:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 11:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 11:00:01 - - CPUs/cores online: 12 1/12/2019 -- 11:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 11:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 11:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 11:00:02 - - time elapsed 1773.929s 1/12/2019 -- 11:00:04 - - Alerts: 0 1/12/2019 -- 11:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 11:00:04 - - Stats for 'eno4': pkts: 570426636, drop: 135272020 (23.71%), invalid chksum: 0 1/12/2019 -- 11:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 11:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 11:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 11:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 11:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 11:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 11:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 11:00:29 - - All AFP capture threads are running. 1/12/2019 -- 11:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 11:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 11:30:01 - - CPUs/cores online: 12 1/12/2019 -- 11:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 11:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 11:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 11:30:02 - - time elapsed 1773.705s 1/12/2019 -- 11:30:04 - - Alerts: 0 1/12/2019 -- 11:30:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 11:30:05 - - Stats for 'eno4': pkts: 606512561, drop: 190878720 (31.47%), invalid chksum: 0 1/12/2019 -- 11:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 11:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 11:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 11:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 11:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 11:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 11:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 11:30:29 - - All AFP capture threads are running. 1/12/2019 -- 12:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 12:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 12:00:01 - - CPUs/cores online: 12 1/12/2019 -- 12:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 12:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 12:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 12:00:02 - - time elapsed 1772.865s 1/12/2019 -- 12:00:03 - - Alerts: 0 1/12/2019 -- 12:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 12:00:04 - - Stats for 'eno4': pkts: 588466445, drop: 153593239 (26.10%), invalid chksum: 0 1/12/2019 -- 12:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 12:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 12:00:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 12:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 12:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 12:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 12:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 12:00:28 - - All AFP capture threads are running. 1/12/2019 -- 12:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 12:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 12:30:01 - - CPUs/cores online: 12 1/12/2019 -- 12:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 12:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 12:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 12:30:02 - - time elapsed 1774.003s 1/12/2019 -- 12:30:04 - - Alerts: 0 1/12/2019 -- 12:30:04 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 12:30:04 - - Stats for 'eno4': pkts: 611855298, drop: 178698360 (29.21%), invalid chksum: 0 1/12/2019 -- 12:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 12:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 12:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 12:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 12:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 12:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 12:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 12:30:29 - - All AFP capture threads are running. 1/12/2019 -- 13:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 13:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 13:00:01 - - CPUs/cores online: 12 1/12/2019 -- 13:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 13:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 13:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 13:00:02 - - time elapsed 1773.889s 1/12/2019 -- 13:00:04 - - Alerts: 0 1/12/2019 -- 13:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 13:00:04 - - Stats for 'eno4': pkts: 581673235, drop: 203143090 (34.92%), invalid chksum: 0 1/12/2019 -- 13:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 13:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 13:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 13:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 13:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 13:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 13:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 13:00:29 - - All AFP capture threads are running. 1/12/2019 -- 13:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 13:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 13:30:01 - - CPUs/cores online: 12 1/12/2019 -- 13:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 13:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 13:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 13:30:01 - - time elapsed 1773.188s 1/12/2019 -- 13:30:04 - - Alerts: 0 1/12/2019 -- 13:30:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 13:30:05 - - Stats for 'eno4': pkts: 628167122, drop: 167997999 (26.74%), invalid chksum: 1 1/12/2019 -- 13:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 13:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 13:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 13:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 13:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 13:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 13:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 13:30:28 - - All AFP capture threads are running. 1/12/2019 -- 14:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 14:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 14:00:01 - - CPUs/cores online: 12 1/12/2019 -- 14:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 14:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 14:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 14:00:02 - - time elapsed 1774.143s 1/12/2019 -- 14:00:04 - - Alerts: 0 1/12/2019 -- 14:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 14:00:04 - - Stats for 'eno4': pkts: 580836087, drop: 173163248 (29.81%), invalid chksum: 0 1/12/2019 -- 14:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 14:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 14:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 14:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 14:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 14:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 14:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 14:00:29 - - All AFP capture threads are running. 1/12/2019 -- 14:30:02 - - Signal Received. Stopping engine. 1/12/2019 -- 14:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 14:30:02 - - CPUs/cores online: 12 1/12/2019 -- 14:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 14:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 14:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 14:30:02 - - time elapsed 1774.326s 1/12/2019 -- 14:30:05 - - Alerts: 0 1/12/2019 -- 14:30:06 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 14:30:06 - - Stats for 'eno4': pkts: 568014851, drop: 147272204 (25.93%), invalid chksum: 0 1/12/2019 -- 14:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 14:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 14:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 14:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 14:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 14:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 14:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 14:30:29 - - All AFP capture threads are running. 1/12/2019 -- 15:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 15:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 15:00:01 - - CPUs/cores online: 12 1/12/2019 -- 15:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 15:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 15:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 15:00:02 - - time elapsed 1773.038s 1/12/2019 -- 15:00:04 - - Alerts: 0 1/12/2019 -- 15:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 15:00:04 - - Stats for 'eno4': pkts: 590771954, drop: 161300565 (27.30%), invalid chksum: 0 1/12/2019 -- 15:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 15:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 15:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 15:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 15:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 15:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 15:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 15:00:29 - - All AFP capture threads are running. 1/12/2019 -- 15:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 15:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 15:30:01 - - CPUs/cores online: 12 1/12/2019 -- 15:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 15:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 15:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 15:30:02 - - time elapsed 1773.860s 1/12/2019 -- 15:30:04 - - Alerts: 0 1/12/2019 -- 15:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 15:30:04 - - Stats for 'eno4': pkts: 562910125, drop: 147143181 (26.14%), invalid chksum: 0 1/12/2019 -- 15:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 15:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 15:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 15:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 15:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 15:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 15:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 15:30:29 - - All AFP capture threads are running. 1/12/2019 -- 16:00:02 - - Signal Received. Stopping engine. 
1/12/2019 -- 16:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 16:00:02 - - CPUs/cores online: 12 1/12/2019 -- 16:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 16:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 16:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 16:00:03 - - time elapsed 1774.490s 1/12/2019 -- 16:00:05 - - Alerts: 0 1/12/2019 -- 16:00:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 16:00:05 - - Stats for 'eno4': pkts: 543543083, drop: 168791597 (31.05%), invalid chksum: 1 1/12/2019 -- 16:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 16:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 16:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 16:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 16:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 16:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 16:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 16:00:29 - - All AFP capture threads are running. 1/12/2019 -- 16:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 16:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 16:30:01 - - CPUs/cores online: 12 1/12/2019 -- 16:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 16:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 16:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 16:30:02 - - time elapsed 1773.138s 1/12/2019 -- 16:30:04 - - Alerts: 0 1/12/2019 -- 16:30:04 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 16:30:04 - - Stats for 'eno4': pkts: 573770929, drop: 159715517 (27.84%), invalid chksum: 0 1/12/2019 -- 16:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 16:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 16:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 16:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 16:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 16:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 16:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 16:30:29 - - All AFP capture threads are running. 1/12/2019 -- 17:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 17:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 17:00:01 - - CPUs/cores online: 12 1/12/2019 -- 17:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 17:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 17:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 17:00:02 - - time elapsed 1773.059s 1/12/2019 -- 17:00:04 - - Alerts: 0 1/12/2019 -- 17:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 17:00:04 - - Stats for 'eno4': pkts: 524926696, drop: 142089161 (27.07%), invalid chksum: 0 1/12/2019 -- 17:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 17:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 17:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 17:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 17:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 17:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 17:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 17:00:29 - - All AFP capture threads are running. 1/12/2019 -- 17:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 17:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 17:30:01 - - CPUs/cores online: 12 1/12/2019 -- 17:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 17:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 17:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 17:30:02 - - time elapsed 1773.258s 1/12/2019 -- 17:30:03 - - Alerts: 0 1/12/2019 -- 17:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 17:30:04 - - Stats for 'eno4': pkts: 557830552, drop: 183198229 (32.84%), invalid chksum: 0 1/12/2019 -- 17:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 17:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 17:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 17:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 17:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 17:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 17:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 17:30:28 - - All AFP capture threads are running. 1/12/2019 -- 18:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 18:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 18:00:01 - - CPUs/cores online: 12 1/12/2019 -- 18:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 18:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 18:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 18:00:02 - - time elapsed 1774.147s 1/12/2019 -- 18:00:04 - - Alerts: 0 1/12/2019 -- 18:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 18:00:04 - - Stats for 'eno4': pkts: 542622064, drop: 153336177 (28.26%), invalid chksum: 1 1/12/2019 -- 18:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 18:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 18:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 18:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 18:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 18:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 18:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 18:00:29 - - All AFP capture threads are running. 1/12/2019 -- 18:30:02 - - Signal Received. Stopping engine. 1/12/2019 -- 18:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 18:30:02 - - CPUs/cores online: 12 1/12/2019 -- 18:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 18:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 18:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 18:30:02 - - time elapsed 1774.084s 1/12/2019 -- 18:30:04 - - Alerts: 0 1/12/2019 -- 18:30:05 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 18:30:05 - - Stats for 'eno4': pkts: 594376885, drop: 157352124 (26.47%), invalid chksum: 0 1/12/2019 -- 18:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 18:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 18:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 18:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 18:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 18:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 18:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 18:30:29 - - All AFP capture threads are running. 1/12/2019 -- 19:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 19:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 19:00:01 - - CPUs/cores online: 12 1/12/2019 -- 19:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 19:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 19:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 19:00:02 - - time elapsed 1773.167s 1/12/2019 -- 19:00:04 - - Alerts: 0 1/12/2019 -- 19:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 19:00:04 - - Stats for 'eno4': pkts: 518967640, drop: 131810851 (25.40%), invalid chksum: 0 1/12/2019 -- 19:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 19:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 19:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 19:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 19:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 19:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 19:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 19:00:28 - - All AFP capture threads are running. 1/12/2019 -- 19:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 19:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 19:30:01 - - CPUs/cores online: 12 1/12/2019 -- 19:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 19:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 19:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 19:30:02 - - time elapsed 1774.032s 1/12/2019 -- 19:30:04 - - Alerts: 0 1/12/2019 -- 19:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 19:30:04 - - Stats for 'eno4': pkts: 590570958, drop: 151786158 (25.70%), invalid chksum: 0 1/12/2019 -- 19:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 19:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 19:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 19:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 19:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 19:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 19:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 19:30:29 - - All AFP capture threads are running. 1/12/2019 -- 20:00:02 - - Signal Received. Stopping engine. 
1/12/2019 -- 20:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 20:00:02 - - CPUs/cores online: 12 1/12/2019 -- 20:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 20:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 20:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 20:00:03 - - time elapsed 1774.438s 1/12/2019 -- 20:00:07 - - Alerts: 0 1/12/2019 -- 20:00:08 - - cleaning up signature grouping structure... complete 1/12/2019 -- 20:00:08 - - Stats for 'eno4': pkts: 596472876, drop: 170339358 (28.56%), invalid chksum: 0 1/12/2019 -- 20:00:11 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 20:00:11 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 20:00:11 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 20:00:30 - - Going to use 12 thread(s) 1/12/2019 -- 20:00:30 - - Running in live mode, activating unix socket 1/12/2019 -- 20:00:30 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 20:00:30 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 20:00:30 - - All AFP capture threads are running. 1/12/2019 -- 20:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 20:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 20:30:01 - - CPUs/cores online: 12 1/12/2019 -- 20:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 20:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 20:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 20:30:02 - - time elapsed 1772.146s 1/12/2019 -- 20:30:04 - - Alerts: 0 1/12/2019 -- 20:30:05 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 20:30:05 - - Stats for 'eno4': pkts: 616973698, drop: 170259685 (27.60%), invalid chksum: 0 1/12/2019 -- 20:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 20:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 20:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 20:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 20:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 20:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 20:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 20:30:29 - - All AFP capture threads are running. 1/12/2019 -- 21:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 21:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 21:00:01 - - CPUs/cores online: 12 1/12/2019 -- 21:00:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 21:00:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 21:00:02 - - Running in live mode, activating unix socket 1/12/2019 -- 21:00:03 - - time elapsed 1774.345s 1/12/2019 -- 21:00:06 - - Alerts: 0 1/12/2019 -- 21:00:07 - - cleaning up signature grouping structure... complete 1/12/2019 -- 21:00:07 - - Stats for 'eno4': pkts: 581675357, drop: 178983567 (30.77%), invalid chksum: 0 1/12/2019 -- 21:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 21:00:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 21:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 21:00:29 - - Going to use 12 thread(s) 1/12/2019 -- 21:00:29 - - Running in live mode, activating unix socket 1/12/2019 -- 21:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 21:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 21:00:29 - - All AFP capture threads are running. 1/12/2019 -- 21:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 21:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 21:30:01 - - CPUs/cores online: 12 1/12/2019 -- 21:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 21:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 21:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 21:30:02 - - time elapsed 1772.894s 1/12/2019 -- 21:30:04 - - Alerts: 0 1/12/2019 -- 21:30:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 21:30:04 - - Stats for 'eno4': pkts: 596341617, drop: 171734479 (28.80%), invalid chksum: 0 1/12/2019 -- 21:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 21:30:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 21:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 21:30:28 - - Going to use 12 thread(s) 1/12/2019 -- 21:30:28 - - Running in live mode, activating unix socket 1/12/2019 -- 21:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 21:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 21:30:28 - - All AFP capture threads are running. 1/12/2019 -- 22:00:01 - - Signal Received. Stopping engine. 
1/12/2019 -- 22:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 22:00:01 - - CPUs/cores online: 12 1/12/2019 -- 22:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 22:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 22:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 22:00:02 - - time elapsed 1774.298s 1/12/2019 -- 22:00:04 - - Alerts: 0 1/12/2019 -- 22:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 22:00:04 - - Stats for 'eno4': pkts: 618658544, drop: 178330367 (28.83%), invalid chksum: 0 1/12/2019 -- 22:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 22:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 22:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 22:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 22:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 22:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 22:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 22:00:29 - - All AFP capture threads are running. 1/12/2019 -- 22:30:02 - - Signal Received. Stopping engine. 1/12/2019 -- 22:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 22:30:02 - - CPUs/cores online: 12 1/12/2019 -- 22:30:02 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 22:30:02 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 22:30:02 - - Running in live mode, activating unix socket 1/12/2019 -- 22:30:02 - - time elapsed 1773.923s 1/12/2019 -- 22:30:04 - - Alerts: 0 1/12/2019 -- 22:30:04 - - cleaning up signature grouping structure... 
complete 1/12/2019 -- 22:30:04 - - Stats for 'eno4': pkts: 610469261, drop: 172880144 (28.32%), invalid chksum: 0 1/12/2019 -- 22:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 22:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 22:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 22:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 22:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 22:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 22:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 22:30:29 - - All AFP capture threads are running. 1/12/2019 -- 23:00:01 - - Signal Received. Stopping engine. 1/12/2019 -- 23:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 23:00:01 - - CPUs/cores online: 12 1/12/2019 -- 23:00:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 23:00:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 23:00:01 - - Running in live mode, activating unix socket 1/12/2019 -- 23:00:01 - - time elapsed 1772.582s 1/12/2019 -- 23:00:04 - - Alerts: 0 1/12/2019 -- 23:00:04 - - cleaning up signature grouping structure... complete 1/12/2019 -- 23:00:04 - - Stats for 'eno4': pkts: 592542895, drop: 159628479 (26.94%), invalid chksum: 0 1/12/2019 -- 23:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 23:00:09 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 23:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 23:00:28 - - Going to use 12 thread(s) 1/12/2019 -- 23:00:28 - - Running in live mode, activating unix socket 1/12/2019 -- 23:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 23:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 23:00:29 - - All AFP capture threads are running. 1/12/2019 -- 23:30:01 - - Signal Received. Stopping engine. 1/12/2019 -- 23:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 1/12/2019 -- 23:30:01 - - CPUs/cores online: 12 1/12/2019 -- 23:30:01 - - eve-log output device (regular) initialized: eve.json 1/12/2019 -- 23:30:01 - - stats output device (regular) initialized: stats.log 1/12/2019 -- 23:30:01 - - Running in live mode, activating unix socket 1/12/2019 -- 23:30:02 - - time elapsed 1774.044s 1/12/2019 -- 23:30:05 - - Alerts: 0 1/12/2019 -- 23:30:05 - - cleaning up signature grouping structure... complete 1/12/2019 -- 23:30:05 - - Stats for 'eno4': pkts: 624581311, drop: 165062680 (26.43%), invalid chksum: 0 1/12/2019 -- 23:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 1/12/2019 -- 23:30:10 - - Threshold config parsed: 0 rule(s) found 1/12/2019 -- 23:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 1/12/2019 -- 23:30:29 - - Going to use 12 thread(s) 1/12/2019 -- 23:30:29 - - Running in live mode, activating unix socket 1/12/2019 -- 23:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 1/12/2019 -- 23:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 1/12/2019 -- 23:30:29 - - All AFP capture threads are running. 2/12/2019 -- 00:00:02 - - Signal Received. Stopping engine. 
2/12/2019 -- 00:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 00:00:02 - - CPUs/cores online: 12 2/12/2019 -- 00:00:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 00:00:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 00:00:02 - - Running in live mode, activating unix socket 2/12/2019 -- 00:00:03 - - time elapsed 1773.992s 2/12/2019 -- 00:00:05 - - Alerts: 0 2/12/2019 -- 00:00:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 00:00:05 - - Stats for 'eno4': pkts: 591150776, drop: 162533655 (27.49%), invalid chksum: 0 2/12/2019 -- 00:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 00:00:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 00:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 00:00:29 - - Going to use 12 thread(s) 2/12/2019 -- 00:00:29 - - Running in live mode, activating unix socket 2/12/2019 -- 00:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 00:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 00:00:29 - - All AFP capture threads are running. 2/12/2019 -- 00:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 00:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 00:30:01 - - CPUs/cores online: 12 2/12/2019 -- 00:30:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 00:30:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 00:30:01 - - Running in live mode, activating unix socket 2/12/2019 -- 00:30:01 - - time elapsed 1772.811s 2/12/2019 -- 00:30:03 - - Alerts: 0 2/12/2019 -- 00:30:04 - - cleaning up signature grouping structure... 
complete 2/12/2019 -- 00:30:04 - - Stats for 'eno4': pkts: 500351428, drop: 127288361 (25.44%), invalid chksum: 0 2/12/2019 -- 00:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 00:30:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 00:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 00:30:29 - - Going to use 12 thread(s) 2/12/2019 -- 00:30:29 - - Running in live mode, activating unix socket 2/12/2019 -- 00:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 00:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 00:30:29 - - All AFP capture threads are running. 2/12/2019 -- 01:00:01 - - Signal Received. Stopping engine. 2/12/2019 -- 01:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 01:00:01 - - CPUs/cores online: 12 2/12/2019 -- 01:00:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 01:00:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 01:00:02 - - Running in live mode, activating unix socket 2/12/2019 -- 01:00:02 - - time elapsed 1773.463s 2/12/2019 -- 01:00:04 - - Alerts: 0 2/12/2019 -- 01:00:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 01:00:05 - - Stats for 'eno4': pkts: 496685762, drop: 129032401 (25.98%), invalid chksum: 0 2/12/2019 -- 01:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 01:00:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 01:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 01:00:28 - - Going to use 12 thread(s) 2/12/2019 -- 01:00:29 - - Running in live mode, activating unix socket 2/12/2019 -- 01:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 01:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 01:00:29 - - All AFP capture threads are running. 2/12/2019 -- 01:30:02 - - Signal Received. Stopping engine. 2/12/2019 -- 01:30:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 01:30:02 - - CPUs/cores online: 12 2/12/2019 -- 01:30:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 01:30:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 01:30:02 - - Running in live mode, activating unix socket 2/12/2019 -- 01:30:03 - - time elapsed 1774.437s 2/12/2019 -- 01:30:05 - - Alerts: 0 2/12/2019 -- 01:30:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 01:30:05 - - Stats for 'eno4': pkts: 579506952, drop: 164888806 (28.45%), invalid chksum: 0 2/12/2019 -- 01:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 01:30:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 01:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 01:30:29 - - Going to use 12 thread(s) 2/12/2019 -- 01:30:29 - - Running in live mode, activating unix socket 2/12/2019 -- 01:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 01:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 01:30:29 - - All AFP capture threads are running. 2/12/2019 -- 02:00:01 - - Signal Received. Stopping engine. 
2/12/2019 -- 02:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 02:00:01 - - CPUs/cores online: 12 2/12/2019 -- 02:00:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 02:00:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 02:00:01 - - Running in live mode, activating unix socket 2/12/2019 -- 02:00:02 - - time elapsed 1773.429s 2/12/2019 -- 02:00:04 - - Alerts: 0 2/12/2019 -- 02:00:04 - - cleaning up signature grouping structure... complete 2/12/2019 -- 02:00:04 - - Stats for 'eno4': pkts: 548739183, drop: 156429053 (28.51%), invalid chksum: 0 2/12/2019 -- 02:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 02:00:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 02:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 02:00:28 - - Going to use 12 thread(s) 2/12/2019 -- 02:00:28 - - Running in live mode, activating unix socket 2/12/2019 -- 02:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 02:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 02:00:29 - - All AFP capture threads are running. 2/12/2019 -- 02:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 02:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 02:30:01 - - CPUs/cores online: 12 2/12/2019 -- 02:30:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 02:30:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 02:30:02 - - Running in live mode, activating unix socket 2/12/2019 -- 02:30:02 - - time elapsed 1774.072s 2/12/2019 -- 02:30:04 - - Alerts: 0 2/12/2019 -- 02:30:05 - - cleaning up signature grouping structure... 
complete 2/12/2019 -- 02:30:05 - - Stats for 'eno4': pkts: 510330670, drop: 129588374 (25.39%), invalid chksum: 0 2/12/2019 -- 02:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 02:30:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 02:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 02:30:29 - - Going to use 12 thread(s) 2/12/2019 -- 02:30:29 - - Running in live mode, activating unix socket 2/12/2019 -- 02:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 02:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 02:30:29 - - All AFP capture threads are running. 2/12/2019 -- 03:00:01 - - Signal Received. Stopping engine. 2/12/2019 -- 03:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 03:00:01 - - CPUs/cores online: 12 2/12/2019 -- 03:00:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 03:00:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 03:00:01 - - Running in live mode, activating unix socket 2/12/2019 -- 03:00:02 - - time elapsed 1772.861s 2/12/2019 -- 03:00:04 - - Alerts: 0 2/12/2019 -- 03:00:04 - - cleaning up signature grouping structure... complete 2/12/2019 -- 03:00:04 - - Stats for 'eno4': pkts: 617754081, drop: 173437657 (28.08%), invalid chksum: 0 2/12/2019 -- 03:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 03:00:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 03:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 03:00:28 - - Going to use 12 thread(s) 2/12/2019 -- 03:00:28 - - Running in live mode, activating unix socket 2/12/2019 -- 03:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 03:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 03:00:29 - - All AFP capture threads are running. 2/12/2019 -- 03:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 03:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 03:30:01 - - CPUs/cores online: 12 2/12/2019 -- 03:30:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 03:30:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 03:30:02 - - Running in live mode, activating unix socket 2/12/2019 -- 03:30:02 - - time elapsed 1774.206s 2/12/2019 -- 03:30:04 - - Alerts: 0 2/12/2019 -- 03:30:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 03:30:05 - - Stats for 'eno4': pkts: 698669737, drop: 239965109 (34.35%), invalid chksum: 0 2/12/2019 -- 03:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 03:30:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 03:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 03:30:28 - - Going to use 12 thread(s) 2/12/2019 -- 03:30:28 - - Running in live mode, activating unix socket 2/12/2019 -- 03:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 03:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 03:30:29 - - All AFP capture threads are running. 2/12/2019 -- 04:00:02 - - Signal Received. Stopping engine. 
2/12/2019 -- 04:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 04:00:02 - - CPUs/cores online: 12 2/12/2019 -- 04:00:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 04:00:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 04:00:02 - - Running in live mode, activating unix socket 2/12/2019 -- 04:00:03 - - time elapsed 1774.596s 2/12/2019 -- 04:00:05 - - Alerts: 0 2/12/2019 -- 04:00:06 - - cleaning up signature grouping structure... complete 2/12/2019 -- 04:00:06 - - Stats for 'eno4': pkts: 579733446, drop: 177759985 (30.66%), invalid chksum: 0 2/12/2019 -- 04:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 04:00:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 04:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 04:00:29 - - Going to use 12 thread(s) 2/12/2019 -- 04:00:29 - - Running in live mode, activating unix socket 2/12/2019 -- 04:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 04:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 04:00:29 - - All AFP capture threads are running. 2/12/2019 -- 04:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 04:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 04:30:01 - - CPUs/cores online: 12 2/12/2019 -- 04:30:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 04:30:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 04:30:01 - - Running in live mode, activating unix socket 2/12/2019 -- 04:30:02 - - time elapsed 1773.367s 2/12/2019 -- 04:30:05 - - Alerts: 0 2/12/2019 -- 04:30:05 - - cleaning up signature grouping structure... 
complete 2/12/2019 -- 04:30:05 - - Stats for 'eno4': pkts: 610693248, drop: 172893011 (28.31%), invalid chksum: 0 2/12/2019 -- 04:30:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 04:30:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 04:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 04:30:29 - - Going to use 12 thread(s) 2/12/2019 -- 04:30:29 - - Running in live mode, activating unix socket 2/12/2019 -- 04:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 04:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 04:30:29 - - All AFP capture threads are running. 2/12/2019 -- 05:00:02 - - Signal Received. Stopping engine. 2/12/2019 -- 05:00:02 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 05:00:02 - - CPUs/cores online: 12 2/12/2019 -- 05:00:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 05:00:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 05:00:02 - - Running in live mode, activating unix socket 2/12/2019 -- 05:00:02 - - time elapsed 1773.776s 2/12/2019 -- 05:00:04 - - Alerts: 0 2/12/2019 -- 05:00:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 05:00:05 - - Stats for 'eno4': pkts: 500708438, drop: 126780497 (25.32%), invalid chksum: 0 2/12/2019 -- 05:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 05:00:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 05:00:10 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 05:00:29 - - Going to use 12 thread(s) 2/12/2019 -- 05:00:29 - - Running in live mode, activating unix socket 2/12/2019 -- 05:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 05:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 05:00:29 - - All AFP capture threads are running. 2/12/2019 -- 05:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 05:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 05:30:01 - - CPUs/cores online: 12 2/12/2019 -- 05:30:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 05:30:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 05:30:01 - - Running in live mode, activating unix socket 2/12/2019 -- 05:30:02 - - time elapsed 1773.056s 2/12/2019 -- 05:30:04 - - Alerts: 0 2/12/2019 -- 05:30:04 - - cleaning up signature grouping structure... complete 2/12/2019 -- 05:30:04 - - Stats for 'eno4': pkts: 510908896, drop: 124636419 (24.40%), invalid chksum: 0 2/12/2019 -- 05:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 05:30:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 05:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 05:30:28 - - Going to use 12 thread(s) 2/12/2019 -- 05:30:28 - - Running in live mode, activating unix socket 2/12/2019 -- 05:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 05:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 05:30:28 - - All AFP capture threads are running. 2/12/2019 -- 06:00:01 - - Signal Received. Stopping engine. 
2/12/2019 -- 06:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 06:00:01 - - CPUs/cores online: 12 2/12/2019 -- 06:00:02 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 06:00:02 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 06:00:02 - - Running in live mode, activating unix socket 2/12/2019 -- 06:00:02 - - time elapsed 1774.141s 2/12/2019 -- 06:00:04 - - Alerts: 0 2/12/2019 -- 06:00:05 - - cleaning up signature grouping structure... complete 2/12/2019 -- 06:00:05 - - Stats for 'eno4': pkts: 506922028, drop: 137409638 (27.11%), invalid chksum: 0 2/12/2019 -- 06:00:10 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 06:00:10 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 06:00:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 06:00:29 - - Going to use 12 thread(s) 2/12/2019 -- 06:00:29 - - Running in live mode, activating unix socket 2/12/2019 -- 06:00:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 06:00:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 06:00:29 - - All AFP capture threads are running. 2/12/2019 -- 06:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 06:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 06:30:01 - - CPUs/cores online: 12 2/12/2019 -- 06:30:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 06:30:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 06:30:01 - - Running in live mode, activating unix socket 2/12/2019 -- 06:30:02 - - time elapsed 1773.012s 2/12/2019 -- 06:30:04 - - Alerts: 0 2/12/2019 -- 06:30:04 - - cleaning up signature grouping structure... 
complete 2/12/2019 -- 06:30:04 - - Stats for 'eno4': pkts: 559738382, drop: 155460647 (27.77%), invalid chksum: 0 2/12/2019 -- 06:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 06:30:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 06:30:10 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 06:30:29 - - Going to use 12 thread(s) 2/12/2019 -- 06:30:29 - - Running in live mode, activating unix socket 2/12/2019 -- 06:30:29 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 06:30:29 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 06:30:30 - - All AFP capture threads are running. 2/12/2019 -- 07:00:01 - - Signal Received. Stopping engine. 2/12/2019 -- 07:00:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 07:00:01 - - CPUs/cores online: 12 2/12/2019 -- 07:00:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 07:00:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 07:00:01 - - Running in live mode, activating unix socket 2/12/2019 -- 07:00:02 - - time elapsed 1772.397s 2/12/2019 -- 07:00:04 - - Alerts: 0 2/12/2019 -- 07:00:04 - - cleaning up signature grouping structure... complete 2/12/2019 -- 07:00:04 - - Stats for 'eno4': pkts: 529018963, drop: 205703098 (38.88%), invalid chksum: 0 2/12/2019 -- 07:00:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 07:00:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 07:00:09 - - 23719 signatures processed. 
1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 07:00:28 - - Going to use 12 thread(s) 2/12/2019 -- 07:00:28 - - Running in live mode, activating unix socket 2/12/2019 -- 07:00:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 07:00:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 07:00:28 - - All AFP capture threads are running. 2/12/2019 -- 07:30:01 - - Signal Received. Stopping engine. 2/12/2019 -- 07:30:01 - - This is Suricata version 5.0.0 RELEASE running in SYSTEM mode 2/12/2019 -- 07:30:01 - - CPUs/cores online: 12 2/12/2019 -- 07:30:01 - - eve-log output device (regular) initialized: eve.json 2/12/2019 -- 07:30:01 - - stats output device (regular) initialized: stats.log 2/12/2019 -- 07:30:01 - - Running in live mode, activating unix socket 2/12/2019 -- 07:30:01 - - time elapsed 1773.645s 2/12/2019 -- 07:30:03 - - Alerts: 0 2/12/2019 -- 07:30:04 - - cleaning up signature grouping structure... complete 2/12/2019 -- 07:30:04 - - Stats for 'eno4': pkts: 575519414, drop: 153066940 (26.60%), invalid chksum: 0 2/12/2019 -- 07:30:09 - - 1 rule files processed. 23715 rules successfully loaded, 0 rules failed 2/12/2019 -- 07:30:09 - - Threshold config parsed: 0 rule(s) found 2/12/2019 -- 07:30:09 - - 23719 signatures processed. 1066 are IP-only rules, 5099 are inspecting packet payload, 17458 inspect application layer, 0 are decoder event only 2/12/2019 -- 07:30:28 - - Going to use 12 thread(s) 2/12/2019 -- 07:30:28 - - Running in live mode, activating unix socket 2/12/2019 -- 07:30:28 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 2/12/2019 -- 07:30:28 - - all 12 packet processing threads, 2 management threads initialized, engine started. 2/12/2019 -- 07:30:29 - - All AFP capture threads are running.