# suricata --pcap=igb0 -vvvv
1/7/2021 -- 10:34:04 - - This is Suricata version 6.0.2 RELEASE running in SYSTEM mode
1/7/2021 -- 10:34:04 - - CPUs/cores online: 12
1/7/2021 -- 10:34:04 - - 'default' server has 'request-body-minimal-inspect-size' set to 33553 and 'request-body-inspect-window' set to 4066 after randomization.
1/7/2021 -- 10:34:04 - - 'default' server has 'response-body-minimal-inspect-size' set to 41964 and 'response-body-inspect-window' set to 16108 after randomization.
1/7/2021 -- 10:34:04 - - SMB stream depth: 0
1/7/2021 -- 10:34:04 - - Protocol detection and parser disabled for modbus protocol.
1/7/2021 -- 10:34:04 - - Protocol detection and parser disabled for enip protocol.
1/7/2021 -- 10:34:04 - - Protocol detection and parser disabled for DNP3.
1/7/2021 -- 10:34:04 - - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/7/2021 -- 10:34:04 - - preallocated 1000 hosts of size 104
1/7/2021 -- 10:34:04 - - host memory usage: 366144 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - - Core dump size is unlimited.
1/7/2021 -- 10:34:04 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
1/7/2021 -- 10:34:04 - - preallocated 65535 defrag trackers of size 128
1/7/2021 -- 10:34:04 - - defrag memory usage: 9961344 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - - flow size 288, memcap allows for 466033 flows. Per hash row in perfect conditions 7
1/7/2021 -- 10:34:04 - - stream "prealloc-sessions": 2048 (per thread)
1/7/2021 -- 10:34:04 - - stream "memcap": 67108864
1/7/2021 -- 10:34:04 - - stream "midstream" session pickups: disabled
1/7/2021 -- 10:34:04 - - stream "async-oneside": disabled
1/7/2021 -- 10:34:04 - - stream "checksum-validation": enabled
1/7/2021 -- 10:34:04 - - stream."inline": disabled
1/7/2021 -- 10:34:04 - - stream "bypass": disabled
1/7/2021 -- 10:34:04 - - stream "max-synack-queued": 5
1/7/2021 -- 10:34:04 - - stream.reassembly "memcap": 268435456
1/7/2021 -- 10:34:04 - - stream.reassembly "depth": 1048576
1/7/2021 -- 10:34:04 - - stream.reassembly "toserver-chunk-size": 2669
1/7/2021 -- 10:34:04 - - stream.reassembly "toclient-chunk-size": 2625
1/7/2021 -- 10:34:04 - - stream.reassembly.raw: enabled
1/7/2021 -- 10:34:04 - - stream.reassembly "segment-prealloc": 2048
1/7/2021 -- 10:34:04 - - fast output device (regular) initialized: fast.log
1/7/2021 -- 10:34:04 - - eve-log output device (regular) initialized: eve.json
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'alert'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'anomaly'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'http'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'dns'
1/7/2021 -- 10:34:04 - - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'tls'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'files'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'smtp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'ftp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'rdp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'nfs'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'smb'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'tftp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'ikev2'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'dcerpc'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'krb5'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'snmp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'rfb'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'sip'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'dhcp'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'ssh'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'mqtt'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'stats'
1/7/2021 -- 10:34:04 - - enabling 'eve-log' module 'flow'
1/7/2021 -- 10:34:04 - - stats output device (regular) initialized: stats.log
1/7/2021 -- 10:34:04 - - Delayed detect disabled
1/7/2021 -- 10:34:04 - - Running in live mode, activating unix socket
1/7/2021 -- 10:34:04 - - pattern matchers: MPM: ac, SPM: bm
1/7/2021 -- 10:34:04 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
1/7/2021 -- 10:34:04 - - grouping: udp-whitelist (default) 53, 135, 5060
1/7/2021 -- 10:34:04 - - prefilter engines: MPM
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_uri
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_raw_uri
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_request_line
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_client_body
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_response_line
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_accept
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_accept_enc
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_accept_lang
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_referer
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_connection
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http.server
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http.location
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_method
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_user_agent
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_host
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_raw_host
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_stat_msg
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http_stat_code
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dns_query
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.sni
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.cert_issuer
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.cert_subject
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.cert_serial
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.cert_fingerprint
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tls.certs
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ja3.hash
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ja3.string
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ja3s.hash
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ja3s.string
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for smb_named_pipe
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for smb_share
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.hassh
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.hassh.server
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.hassh.string
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ssh.hassh.server.string
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for krb5_cname
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for krb5_sname
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.uri
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.stat_msg
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.request_line
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for sip.response_line
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for rfb.name
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.connect.clientid
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.connect.username
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.connect.password
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.connect.willtopic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.connect.willmessage
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.publish.topic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.publish.message
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.subscribe.topic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for mqtt.unsubscribe.topic
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for icmpv4.hdr
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for tcp.hdr
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for udp.hdr
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for icmpv6.hdr
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ipv4.hdr
1/7/2021 -- 10:34:04 - - using shared mpm ctx' for ipv6.hdr
1/7/2021 -- 10:34:04 - - IP reputation disabled
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/3coresec.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/botcc.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/ciarmy.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/compromised.rules
1/7/2021 -- 10:34:04 - - No rules loaded from compromised.rules.
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/drop.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/dshield.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-attack_response.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-chat.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-current_events.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-dns.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-dos.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-exploit.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-imap.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-malware.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-misc.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-mobile_malware.rules
1/7/2021 -- 10:34:04 - - Loading rule file: /var/lib/suricata/rules/emerging-netbios.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-policy.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-pop3.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-rpc.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-scan.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-shellcode.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-smtp.rules
1/7/2021 -- 10:34:05 - - Loading rule file: /var/lib/suricata/rules/emerging-trojan.rules
1/7/2021 -- 10:34:06 - - Loading rule file: /var/lib/suricata/rules/emerging-user_agents.rules
1/7/2021 -- 10:34:06 - - Loading rule file: /var/lib/suricata/rules/emerging-voip.rules
1/7/2021 -- 10:34:06 - - Loading rule file: /var/lib/suricata/rules/emerging-web_client.rules
1/7/2021 -- 10:34:06 - - Loading rule file: /var/lib/suricata/rules/emerging-web_server.rules
1/7/2021 -- 10:34:06 - - Loading rule file: /var/lib/suricata/rules/emerging-web_specific_apps.rules
1/7/2021 -- 10:34:07 - - Loading rule file: /var/lib/suricata/rules/emerging-worm.rules
1/7/2021 -- 10:34:07 - - Loading rule file: /var/lib/suricata/rules/tor.rules
1/7/2021 -- 10:34:07 - - Loading rule file: /var/lib/suricata/rules/custom.rules
1/7/2021 -- 10:34:07 - - No rules loaded from custom.rules.
1/7/2021 -- 10:34:07 - - 32 rule files processed. 20590 rules successfully loaded, 0 rules failed
1/7/2021 -- 10:34:07 - - Threshold config parsed: 2 rule(s) found
1/7/2021 -- 10:34:07 - - using shared mpm ctx' for tcp-packet
1/7/2021 -- 10:34:07 - - using shared mpm ctx' for tcp-stream
1/7/2021 -- 10:34:07 - - using shared mpm ctx' for udp-packet
1/7/2021 -- 10:34:07 - - using shared mpm ctx' for other-ip
1/7/2021 -- 10:34:07 - - 20593 signatures processed. 1134 are IP-only rules, 3288 are inspecting packet payload, 16147 inspect application layer, 0 are decoder event only
1/7/2021 -- 10:34:07 - - building signature grouping structure, stage 1: preprocessing rules... complete
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.http.PK' is checked but not set. Checked in 2019835 and 3 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2016396 and 3 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019822 and 1 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.pdf.in.http' is checked but not set. Checked in 2017150 and 4 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017768 and 11 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MCOFF' is checked but not set. Checked in 2019837 and 1 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.armwget' is checked but not set. Checked in 2024241 and 1 other sigs
1/7/2021 -- 10:34:07 - - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
1/7/2021 -- 10:34:07 - - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
1/7/2021 -- 10:34:07 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
1/7/2021 -- 10:34:08 - - UDP toserver: 41 port groups, 24 unique SGH's, 17 copies
1/7/2021 -- 10:34:08 - - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
1/7/2021 -- 10:34:08 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
1/7/2021 -- 10:34:08 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
1/7/2021 -- 10:34:17 - - Unique rule groups: 106
1/7/2021 -- 10:34:17 - - Builtin MPM "toserver TCP packet": 29
1/7/2021 -- 10:34:17 - - Builtin MPM "toclient TCP packet": 20
1/7/2021 -- 10:34:17 - - Builtin MPM "toserver TCP stream": 29
1/7/2021 -- 10:34:17 - - Builtin MPM "toclient TCP stream": 21
1/7/2021 -- 10:34:17 - - Builtin MPM "toserver UDP packet": 24
1/7/2021 -- 10:34:17 - - Builtin MPM "toclient UDP packet": 18
1/7/2021 -- 10:34:17 - - Builtin MPM "other IP packet": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_uri (http)": 9
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_raw_uri (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_request_line (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_client_body (http)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_response_line (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_header (http)": 8
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_header (http)": 8
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_header_names (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_header_names (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_accept (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_accept_enc (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_accept_lang (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_referer (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_content_len (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_content_len (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_content_type (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_content_type (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_protocol (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_protocol (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_start (http)": 4
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_start (http)": 4
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_method (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_cookie (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_cookie (http)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_user_agent (http)": 5
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver http_host (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient http_stat_code (http)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver dns_query (dns)": 4
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver tls.sni (tls)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver file_data (smtp)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient file_data (http)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver file_data (smb)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient file_data (smb)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toserver file_data (http2)": 6
1/7/2021 -- 10:34:17 - - AppLayer MPM "toclient file_data (http2)": 6
1/7/2021 -- 10:34:19 - - AutoFP mode using "Hash" flow load balancer
1/7/2021 -- 10:34:19 - - Using 1 live device(s).
1/7/2021 -- 10:34:19 - - using interface igb0
1/7/2021 -- 10:34:19 - - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
1/7/2021 -- 10:34:19 - - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:19 - - Set snaplen to 1524 for 'igb0'
1/7/2021 -- 10:34:19 - - RunModeIdsPcapAutoFp initialised
1/7/2021 -- 10:34:19 - - using 1 flow manager threads
1/7/2021 -- 10:34:19 - - using 1 flow recycler threads
1/7/2021 -- 10:34:19 - - Running in live mode, activating unix socket
1/7/2021 -- 10:34:19 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/7/2021 -- 10:34:19 - - all 13 packet processing threads, 4 management threads initialized, engine started.
1/7/2021 -- 10:34:36 - - No packets with invalid checksum, assuming checksum offloading is NOT used
^C1/7/2021 -- 10:50:25 - - Signal Received. Stopping engine.
1/7/2021 -- 10:50:25 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/7/2021 -- 10:51:26 - - [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "RX#01-igb0". Killing engine
#