[4688] 11/11/2011 -- 11:04:39 - (detect-pcre.c:128) (DetectPcreRegister) -- Using PCRE match-limit setting of: 3500
[4688] 11/11/2011 -- 11:04:39 - (detect-pcre.c:138) (DetectPcreRegister) -- Using PCRE match-limit-recursion setting of: 1500
[4688] 11/11/2011 -- 11:04:39 - (suricata.c:1429) (main) -- preallocated 50 packets. Total memory 154900
[4688] 11/11/2011 -- 11:04:39 - (flow.c:840) (FlowInitConfig) -- initializing flow engine...
[4688] 11/11/2011 -- 11:04:39 - (flow.c:932) (FlowInitConfig) -- allocated 524288 bytes of memory for the flow hash... 65536 buckets of size 8
[4688] 11/11/2011 -- 11:04:39 - (flow.c:952) (FlowInitConfig) -- preallocated 10000 flows of size 132
[4688] 11/11/2011 -- 11:04:39 - (flow.c:954) (FlowInitConfig) -- flow memory usage: 1844288 bytes, maximum: 33554432
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/decoder-events.rules at line 2
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/decoder-events.rules at line 11
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/decoder-events.rules at line 77
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/decoder-events.rules at line 78
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/stream-events.rules at line 49
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature " " from file c:/suricata/rules/stream-events.rules at line 50
[4688] 11/11/2011 -- 11:04:39 - (detect.c:631) (SigLoadSignatures) -- 2 rule files processed. 120 rules succesfully loaded, 6 rules failed
[4688] 11/11/2011 -- 11:04:39 - (detect.c:2431) (SigAddressPrepareStage1) -- 120 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 72 are decoder event only
[4688] 11/11/2011 -- 11:04:39 - (detect.c:2434) (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
[4688] 11/11/2011 -- 11:04:39 - (detect.c:3076) (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete
[4688] 11/11/2011 -- 11:04:39 - (detect.c:3633) (SigAddressPrepareStage3) -- MPM memory 0 (dynamic 0, ctxs 0, avg per ctx 0)
[4688] 11/11/2011 -- 11:04:39 - (detect.c:3635) (SigAddressPrepareStage3) -- max sig id 120, array size 16
[4688] 11/11/2011 -- 11:04:39 - (detect.c:3646) (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete
[4688] 11/11/2011 -- 11:04:39 - (util-threshold-config.c:135) (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "threshold.config": No such file or directory
[4688] 11/11/2011 -- 11:04:39 - (alert-fastlog.c:366) (AlertFastLogInitCtx) -- Fast log output initialized, filename: fast.log
[4688] 11/11/2011 -- 11:04:39 - (alert-unified2-alert.c:1150) (Unified2AlertInitCtx) -- Unified2-alert initialized: filename unified2.alert, limit 32 MB
[4688] 11/11/2011 -- 11:04:39 - (log-httplog.c:448) (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
[4688] 11/11/2011 -- 11:04:39 - (log-droplog.c:176) (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
[4688] 11/11/2011 -- 11:04:39 - (runmode-pcap.c:126) (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{C752A41C-AC7A-4C4B-B297-472072684FE4}, using default value
[5724] 11/11/2011 -- 11:04:39 - (source-pcap.c:318) (ReceivePcapThreadInit) -- using interface \Device\NPF_{C752A41C-AC7A-4C4B-B297-472072684FE4}
[5724] 11/11/2011 -- 11:04:39 - (source-pcap.c:359) (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
[4688] 11/11/2011 -- 11:04:39 - (runmode-pcap.c:229) (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:346) (StreamTcpInitConfig) -- stream "max_sessions": 262144
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:358) (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:368) (StreamTcpInitConfig) -- stream "memcap": 33554432
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:374) (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:380) (StreamTcpInitConfig) -- stream "async_oneside": disabled
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:397) (StreamTcpInitConfig) -- stream "checksum_validation": enabled
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:407) (StreamTcpInitConfig) -- stream."inline": disabled
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:416) (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:426) (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:449) (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
[4688] 11/11/2011 -- 11:04:39 - (stream-tcp.c:451) (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
[4688] 11/11/2011 -- 11:04:39 - (tm-threads.c:1806) (TmThreadWaitOnThreadInit) -- all 10 packet processing threads, 3 management threads initialized, engine started.
[4688] 11/11/2011 -- 11:16:16 - (suricata.c:1570) (main) -- signal received
[4688] 11/11/2011 -- 11:16:16 - (suricata.c:1579) (main) -- EngineStop received
[4688] 11/11/2011 -- 11:16:16 - (suricata.c:1614) (main) -- all packets processed by threads, stopping engine
[8160] 11/11/2011 -- 11:16:16 - (flow-manager.c:303) (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[4688] 11/11/2011 -- 11:16:16 - (suricata.c:1641) (main) -- time elapsed 697s
[5724] 11/11/2011 -- 11:16:16 - (source-pcap.c:500) (ReceivePcapThreadExitStats) -- (ReceivePcap) Packets 9199, bytes 4464960
[5724] 11/11/2011 -- 11:16:16 - (source-pcap.c:511) (ReceivePcapThreadExitStats) -- (ReceivePcap) Pcap Total:9199 Recv:9199 Drop:0 (0.0%).
[5892] 11/11/2011 -- 11:16:16 - (stream-tcp.c:3857) (StreamTcpExitPrintStats) -- (Decode & Stream) Packets 5816
[6792] 11/11/2011 -- 11:16:16 - (alert-fastlog.c:331) (AlertFastLogExitPrintStats) -- (Outputs) Alerts 18
[6792] 11/11/2011 -- 11:16:16 - (alert-unified2-alert.c:1074) (Unified2AlertThreadDeinit) -- Alert unified2 module wrote 18 alerts
[6792] 11/11/2011 -- 11:16:16 - (log-httplog.c:396) (LogHttpLogExitPrintStats) -- (Outputs) HTTP requests 9
[6792] 11/11/2011 -- 11:16:16 - (log-droplog.c:384) (LogDropLogExitPrintStats) -- (Outputs) Dropped Packets 0
[4688] 11/11/2011 -- 11:16:24 - (stream-tcp-reassemble.c:363) (StreamTcpReassembleFree) -- Max memuse of the stream reassembly engine 11220864 (in use 0)
[4688] 11/11/2011 -- 11:16:24 - (stream-tcp.c:496) (StreamTcpFreeConfig) -- Max memuse of stream engine 4587520 (in use 0)
[4688] 11/11/2011 -- 11:16:24 - (detect.c:3673) (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete