Sep 10 03:24:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 03:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 03:30:01 Network-Security-Event-Validation-System systemd: Started Session 5399 of user root.
Sep 10 03:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 03:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 03:40:01 Network-Security-Event-Validation-System systemd: Started Session 5400 of user root.
Sep 10 03:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 03:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 03:50:01 Network-Security-Event-Validation-System systemd: Started Session 5401 of user root.
Sep 10 03:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5402 of user root.
Sep 10 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5403 of user root.
Sep 10 04:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:01:01 Network-Security-Event-Validation-System systemd: Started Session 5404 of user root.
Sep 10 04:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:10:01 Network-Security-Event-Validation-System systemd: Started Session 5405 of user root.
Sep 10 04:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:20:01 Network-Security-Event-Validation-System systemd: Started Session 5406 of user root.
Sep 10 04:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:30:01 Network-Security-Event-Validation-System systemd: Started Session 5407 of user root.
Sep 10 04:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:40:01 Network-Security-Event-Validation-System systemd: Started Session 5408 of user root.
Sep 10 04:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 04:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 04:50:01 Network-Security-Event-Validation-System systemd: Started Session 5409 of user root.
Sep 10 04:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5410 of user root.
Sep 10 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5411 of user root.
Sep 10 05:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:01:01 Network-Security-Event-Validation-System systemd: Started Session 5412 of user root.
Sep 10 05:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:10:01 Network-Security-Event-Validation-System systemd: Started Session 5413 of user root.
Sep 10 05:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:20:01 Network-Security-Event-Validation-System systemd: Started Session 5414 of user root.
Sep 10 05:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:30:01 Network-Security-Event-Validation-System systemd: Started Session 5415 of user root.
Sep 10 05:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:40:01 Network-Security-Event-Validation-System systemd: Started Session 5416 of user root.
Sep 10 05:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 05:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 05:50:01 Network-Security-Event-Validation-System systemd: Started Session 5417 of user root.
Sep 10 05:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5418 of user root.
Sep 10 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5419 of user root.
Sep 10 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5420 of user root.
Sep 10 06:00:52 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:01:01 Network-Security-Event-Validation-System systemd: Started Session 5421 of user root.
Sep 10 06:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:10:01 Network-Security-Event-Validation-System systemd: Started Session 5422 of user root.
Sep 10 06:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:20:01 Network-Security-Event-Validation-System systemd: Started Session 5423 of user root.
Sep 10 06:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:30:01 Network-Security-Event-Validation-System systemd: Started Session 5424 of user root.
Sep 10 06:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:40:01 Network-Security-Event-Validation-System systemd: Started Session 5425 of user root.
Sep 10 06:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 06:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 06:50:01 Network-Security-Event-Validation-System systemd: Started Session 5426 of user root.
Sep 10 06:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5427 of user root.
Sep 10 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5428 of user root.
Sep 10 07:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:01:01 Network-Security-Event-Validation-System systemd: Started Session 5429 of user root.
Sep 10 07:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:10:01 Network-Security-Event-Validation-System systemd: Started Session 5430 of user root.
Sep 10 07:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:20:01 Network-Security-Event-Validation-System systemd: Started Session 5431 of user root.
Sep 10 07:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:30:01 Network-Security-Event-Validation-System systemd: Started Session 5432 of user root.
Sep 10 07:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:40:01 Network-Security-Event-Validation-System systemd: Started Session 5433 of user root.
Sep 10 07:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 07:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 07:50:01 Network-Security-Event-Validation-System systemd: Started Session 5434 of user root.
Sep 10 07:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5435 of user root.
Sep 10 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5436 of user root.
Sep 10 08:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:01:01 Network-Security-Event-Validation-System systemd: Started Session 5437 of user root.
Sep 10 08:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:10:01 Network-Security-Event-Validation-System systemd: Started Session 5438 of user root.
Sep 10 08:10:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:20:01 Network-Security-Event-Validation-System systemd: Started Session 5439 of user root.
Sep 10 08:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:30:01 Network-Security-Event-Validation-System systemd: Started Session 5440 of user root.
Sep 10 08:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:40:01 Network-Security-Event-Validation-System systemd: Started Session 5441 of user root.
Sep 10 08:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 08:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 08:50:01 Network-Security-Event-Validation-System systemd: Started Session 5442 of user root.
Sep 10 08:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5443 of user root.
Sep 10 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5444 of user root.
Sep 10 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5445 of user root.
Sep 10 09:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:01:01 Network-Security-Event-Validation-System systemd: Started Session 5446 of user root.
Sep 10 09:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:10:01 Network-Security-Event-Validation-System systemd: Started Session 5447 of user root.
Sep 10 09:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:20:01 Network-Security-Event-Validation-System systemd: Started Session 5448 of user root.
Sep 10 09:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:30:01 Network-Security-Event-Validation-System systemd: Started Session 5449 of user root.
Sep 10 09:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:40:01 Network-Security-Event-Validation-System systemd: Started Session 5450 of user root.
Sep 10 09:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 09:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 09:50:01 Network-Security-Event-Validation-System systemd: Started Session 5451 of user root.
Sep 10 09:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5452 of user root.
Sep 10 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5453 of user root.
Sep 10 10:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:01:01 Network-Security-Event-Validation-System systemd: Started Session 5454 of user root.
Sep 10 10:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:10:01 Network-Security-Event-Validation-System systemd: Started Session 5455 of user root.
Sep 10 10:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:20:01 Network-Security-Event-Validation-System systemd: Started Session 5456 of user root.
Sep 10 10:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:30:01 Network-Security-Event-Validation-System systemd: Started Session 5457 of user root.
Sep 10 10:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:40:01 Network-Security-Event-Validation-System systemd: Started Session 5458 of user root.
Sep 10 10:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 10:50:02 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 10:50:02 Network-Security-Event-Validation-System systemd: Started Session 5459 of user root.
Sep 10 10:50:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5460 of user root.
Sep 10 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5461 of user root.
Sep 10 11:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:01:01 Network-Security-Event-Validation-System systemd: Started Session 5462 of user root.
Sep 10 11:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:10:01 Network-Security-Event-Validation-System systemd: Started Session 5463 of user root.
Sep 10 11:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:20:01 Network-Security-Event-Validation-System systemd: Started Session 5464 of user root.
Sep 10 11:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:30:01 Network-Security-Event-Validation-System systemd: Started Session 5465 of user root.
Sep 10 11:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:40:01 Network-Security-Event-Validation-System systemd: Started Session 5466 of user root.
Sep 10 11:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 11:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 11:50:01 Network-Security-Event-Validation-System systemd: Started Session 5467 of user root.
Sep 10 11:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5468 of user root.
Sep 10 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5469 of user root.
Sep 10 12:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:01:01 Network-Security-Event-Validation-System systemd: Started Session 5470 of user root.
Sep 10 12:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:10:01 Network-Security-Event-Validation-System systemd: Started Session 5471 of user root.
Sep 10 12:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:20:01 Network-Security-Event-Validation-System systemd: Started Session 5472 of user root.
Sep 10 12:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:30:01 Network-Security-Event-Validation-System systemd: Started Session 5473 of user root.
Sep 10 12:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:40:01 Network-Security-Event-Validation-System systemd: Started Session 5474 of user root.
Sep 10 12:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 12:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 12:50:01 Network-Security-Event-Validation-System systemd: Started Session 5475 of user root.
Sep 10 12:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5476 of user root.
Sep 10 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5477 of user root.
Sep 10 13:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:01:01 Network-Security-Event-Validation-System systemd: Started Session 5478 of user root.
Sep 10 13:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:10:01 Network-Security-Event-Validation-System systemd: Started Session 5479 of user root.
Sep 10 13:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:20:01 Network-Security-Event-Validation-System systemd: Started Session 5480 of user root.
Sep 10 13:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:30:01 Network-Security-Event-Validation-System systemd: Started Session 5481 of user root.
Sep 10 13:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:40:01 Network-Security-Event-Validation-System systemd: Started Session 5482 of user root.
Sep 10 13:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 13:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 13:50:01 Network-Security-Event-Validation-System systemd: Started Session 5483 of user root.
Sep 10 13:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5484 of user root.
Sep 10 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5485 of user root.
Sep 10 14:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:01:01 Network-Security-Event-Validation-System systemd: Started Session 5486 of user root.
Sep 10 14:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:10:01 Network-Security-Event-Validation-System systemd: Started Session 5487 of user root.
Sep 10 14:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:20:01 Network-Security-Event-Validation-System systemd: Started Session 5488 of user root.
Sep 10 14:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:30:01 Network-Security-Event-Validation-System systemd: Started Session 5489 of user root.
Sep 10 14:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:40:01 Network-Security-Event-Validation-System systemd: Started Session 5490 of user root.
Sep 10 14:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 14:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 14:50:01 Network-Security-Event-Validation-System systemd: Started Session 5491 of user root.
Sep 10 14:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5492 of user root.
Sep 10 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5493 of user root.
Sep 10 15:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:01:01 Network-Security-Event-Validation-System systemd: Started Session 5494 of user root.
Sep 10 15:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:10:01 Network-Security-Event-Validation-System systemd: Started Session 5495 of user root.
Sep 10 15:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:20:01 Network-Security-Event-Validation-System systemd: Started Session 5496 of user root.
Sep 10 15:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:30:01 Network-Security-Event-Validation-System systemd: Started Session 5497 of user root.
Sep 10 15:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:40:01 Network-Security-Event-Validation-System systemd: Started Session 5498 of user root.
Sep 10 15:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 15:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 15:50:01 Network-Security-Event-Validation-System systemd: Started Session 5499 of user root.
Sep 10 15:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5500 of user root.
Sep 10 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5501 of user root.
Sep 10 16:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:01:01 Network-Security-Event-Validation-System systemd: Started Session 5502 of user root.
Sep 10 16:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:10:01 Network-Security-Event-Validation-System systemd: Started Session 5503 of user root.
Sep 10 16:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:20:01 Network-Security-Event-Validation-System systemd: Started Session 5504 of user root.
Sep 10 16:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:30:01 Network-Security-Event-Validation-System systemd: Started Session 5505 of user root.
Sep 10 16:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:40:01 Network-Security-Event-Validation-System systemd: Started Session 5506 of user root.
Sep 10 16:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 16:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 16:50:01 Network-Security-Event-Validation-System systemd: Started Session 5507 of user root.
Sep 10 16:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5508 of user root.
Sep 10 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5509 of user root.
Sep 10 17:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:01:01 Network-Security-Event-Validation-System systemd: Started Session 5510 of user root.
Sep 10 17:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:10:01 Network-Security-Event-Validation-System systemd: Started Session 5511 of user root.
Sep 10 17:10:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:20:01 Network-Security-Event-Validation-System systemd: Started Session 5512 of user root.
Sep 10 17:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:29:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:29:01 Network-Security-Event-Validation-System systemd: Started Session 5513 of user root.
Sep 10 17:29:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5514 of user root.
Sep 10 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5515 of user root.
Sep 10 17:30:05 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:40:01 Network-Security-Event-Validation-System systemd: Started Session 5516 of user root.
Sep 10 17:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 17:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 17:50:01 Network-Security-Event-Validation-System systemd: Started Session 5517 of user root.
Sep 10 17:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5518 of user root.
Sep 10 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5519 of user root.
Sep 10 18:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:01:02 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:01:02 Network-Security-Event-Validation-System systemd: Started Session 5520 of user root.
Sep 10 18:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:10:01 Network-Security-Event-Validation-System systemd: Started Session 5521 of user root.
Sep 10 18:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:20:01 Network-Security-Event-Validation-System systemd: Started Session 5522 of user root.
Sep 10 18:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:30:01 Network-Security-Event-Validation-System systemd: Started Session 5523 of user root.
Sep 10 18:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:40:01 Network-Security-Event-Validation-System systemd: Started Session 5524 of user root.
Sep 10 18:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 18:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 18:50:01 Network-Security-Event-Validation-System systemd: Started Session 5525 of user root.
Sep 10 18:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5526 of user root.
Sep 10 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5527 of user root.
Sep 10 19:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:01:01 Network-Security-Event-Validation-System systemd: Started Session 5528 of user root.
Sep 10 19:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:10:01 Network-Security-Event-Validation-System systemd: Started Session 5529 of user root.
Sep 10 19:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:20:01 Network-Security-Event-Validation-System systemd: Started Session 5530 of user root.
Sep 10 19:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:30:01 Network-Security-Event-Validation-System systemd: Started Session 5531 of user root.
Sep 10 19:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:40:01 Network-Security-Event-Validation-System systemd: Started Session 5532 of user root.
Sep 10 19:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 19:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 19:50:01 Network-Security-Event-Validation-System systemd: Started Session 5533 of user root.
Sep 10 19:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5534 of user root.
Sep 10 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5535 of user root.
Sep 10 20:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:01:01 Network-Security-Event-Validation-System systemd: Started Session 5536 of user root.
Sep 10 20:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:10:01 Network-Security-Event-Validation-System systemd: Started Session 5537 of user root.
Sep 10 20:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:20:01 Network-Security-Event-Validation-System systemd: Started Session 5538 of user root.
Sep 10 20:20:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:30:01 Network-Security-Event-Validation-System systemd: Started Session 5539 of user root.
Sep 10 20:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:40:01 Network-Security-Event-Validation-System systemd: Started Session 5540 of user root.
Sep 10 20:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 20:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 20:50:01 Network-Security-Event-Validation-System systemd: Started Session 5541 of user root.
Sep 10 20:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5542 of user root.
Sep 10 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5543 of user root.
Sep 10 21:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:01:01 Network-Security-Event-Validation-System systemd: Started Session 5544 of user root.
Sep 10 21:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:10:01 Network-Security-Event-Validation-System systemd: Started Session 5545 of user root.
Sep 10 21:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:20:01 Network-Security-Event-Validation-System systemd: Started Session 5546 of user root.
Sep 10 21:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:30:01 Network-Security-Event-Validation-System systemd: Started Session 5547 of user root.
Sep 10 21:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:30:46 Network-Security-Event-Validation-System systemd: Starting Cleanup of Temporary Directories...
Sep 10 21:30:46 Network-Security-Event-Validation-System systemd: Started Cleanup of Temporary Directories.
Sep 10 21:36:55 Network-Security-Event-Validation-System sshd[26642]: Accepted password for root from 10.45.118.23 port 49756 ssh2
Sep 10 21:36:55 Network-Security-Event-Validation-System root[26676]: CMDLOG: (10.45.118.23) - PATH=$PATH:$HOME/bin
Sep 10 21:36:55 Network-Security-Event-Validation-System root[26677]: CMDLOG: (10.45.118.23) - export PATH
Sep 10 21:36:55 Network-Security-Event-Validation-System root[26678]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:37:31 Network-Security-Event-Validation-System root[26708]: CMDLOG: (10.45.118.23) - Bmon
Sep 10 21:37:31 Network-Security-Event-Validation-System root[26710]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:37:35 Network-Security-Event-Validation-System root[26714]: CMDLOG: (10.45.118.23) - bmon
Sep 10 21:39:04 Network-Security-Event-Validation-System root[26791]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:17 Network-Security-Event-Validation-System root[26801]: CMDLOG: (10.45.118.23) - ip a
Sep 10 21:39:17 Network-Security-Event-Validation-System root[26803]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:34 Network-Security-Event-Validation-System root[26818]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:34 Network-Security-Event-Validation-System root[26819]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:34 Network-Security-Event-Validation-System root[26820]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:46 Network-Security-Event-Validation-System root[26831]: CMDLOG: (10.45.118.23) - service suricatastatus
Sep 10 21:39:46 Network-Security-Event-Validation-System root[26842]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:39:58 Network-Security-Event-Validation-System root[26853]: CMDLOG: (10.45.118.23) - service suricata status
Sep 10 21:39:59 Network-Security-Event-Validation-System root[26865]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:40:01 Network-Security-Event-Validation-System systemd: Started Session 5548 of user root.
Sep 10 21:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:40:18 Network-Security-Event-Validation-System root[26889]: CMDLOG: (10.45.118.23) - history
Sep 10 21:40:19 Network-Security-Event-Validation-System root[26892]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:40:36 Network-Security-Event-Validation-System root[26906]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:40:36 Network-Security-Event-Validation-System root[26907]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:40:36 Network-Security-Event-Validation-System root[26908]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:41:08 Network-Security-Event-Validation-System root[26935]: CMDLOG: (10.45.118.23) - tail -100 /home/Suircata/log/suricata.log
Sep 10 21:41:08 Network-Security-Event-Validation-System root[26937]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:41:38 Network-Security-Event-Validation-System root[26963]: CMDLOG: (10.45.118.23) - tail -100 /home/Suricata/log/suricata.log
Sep 10 21:41:38 Network-Security-Event-Validation-System root[26965]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:41:53 Network-Security-Event-Validation-System root[26977]: CMDLOG: (10.45.118.23) - cd /home/Suricata
Sep 10 21:41:53 Network-Security-Event-Validation-System root[26978]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:41:54 Network-Security-Event-Validation-System root[26980]: CMDLOG: (10.45.118.23) - ls --color=auto
Sep 10 21:41:54 Network-Security-Event-Validation-System root[26982]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:42:00 Network-Security-Event-Validation-System root[26988]: CMDLOG: (10.45.118.23) - cd log
Sep 10 21:42:00 Network-Security-Event-Validation-System root[26989]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:42:02 Network-Security-Event-Validation-System root[26992]: CMDLOG: (10.45.118.23) - ls --color=auto
Sep 10 21:42:02 Network-Security-Event-Validation-System root[26994]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:42:09 Network-Security-Event-Validation-System root[27001]: CMDLOG: (10.45.118.23) - cd suricata
Sep 10 21:42:09 Network-Security-Event-Validation-System root[27002]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:42:10 Network-Security-Event-Validation-System root[27004]: CMDLOG: (10.45.118.23) - ls --color=auto
Sep 10 21:42:10 Network-Security-Event-Validation-System root[27006]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:42:24 Network-Security-Event-Validation-System root[27019]: CMDLOG: (10.45.118.23) - tail -100 suricata.log
Sep 10 21:42:24 Network-Security-Event-Validation-System root[27021]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:43:15 Network-Security-Event-Validation-System root[27062]: CMDLOG: (10.45.118.23) - service suricata start
Sep 10 21:43:16 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 10 21:43:16 Network-Security-Event-Validation-System root[27081]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: cpu: CPUs/cores online: 6
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: suricata: Setting engine mode to IDS mode by default
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: ioctl: em2: MTU 1500
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: ioctl: em4: MTU 1500
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: conf: Running in live mode, activating unix socket
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: log-pcap: Using log dir /home/pcap-log
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: log-pcap: Selected pcap-log compression method: none
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 10 21:43:16 Network-Security-Event-Validation-System suricata: [27080] Info: log-pcap: using Sguil compatible logging
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Info: detect: 5 rule files processed. 33269 rules successfully loaded, 0 rules failed
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Info: detect: 33270 signatures processed. 25 are IP-only rules, 7628 are inspecting packet payload, 25582 inspect application layer, 0 are decoder event only
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 10 21:43:20 Network-Security-Event-Validation-System suricata: [27080] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 21:43:21 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Unique rule groups: 191
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: Builtin MPM "other IP packet": 5
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 10 21:43:22 Network-Security-Event-Validation-System suricata: [27080] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 10 21:43:25 Network-Security-Event-Validation-System suricata: [27080] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 10 21:43:25 Network-Security-Event-Validation-System suricata: [27080] Info: runmodes: em2: creating 6 threads
Sep 10 21:43:25 Network-Security-Event-Validation-System suricata: [27089] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 10 21:43:25 Network-Security-Event-Validation-System suricata: [27089] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 10 21:43:26 Network-Security-Event-Validation-System suricata: [27080] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 10 21:43:26 Network-Security-Event-Validation-System suricata: [27080] Info: runmodes: em4: creating 6 threads
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27080] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27089] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27089] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27090] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27090] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27091] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27091] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27092] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27092] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27094] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27094] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27095] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27095] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27096] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27096] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27097] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27097] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27098] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27098] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27099] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27099] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27100] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:27 Network-Security-Event-Validation-System suricata: [27100] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:28 Network-Security-Event-Validation-System suricata: [27102] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:43:28 Network-Security-Event-Validation-System suricata: [27102] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:43:28 Network-Security-Event-Validation-System suricata: [27080] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 10 21:44:19 Network-Security-Event-Validation-System root[27149]: CMDLOG: (10.45.118.23) - htop
Sep 10 21:48:36 Network-Security-Event-Validation-System root[27366]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:37 Network-Security-Event-Validation-System root[27368]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27369]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27370]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27371]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27372]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27373]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27374]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27375]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27376]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27377]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27378]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:38 Network-Security-Event-Validation-System root[27379]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:50 Network-Security-Event-Validation-System root[27390]: CMDLOG: (10.45.118.23) - service suricata restart
Sep 10 21:48:50 Network-Security-Event-Validation-System suricata: [27080] Notice: suricata: Signal Received.  Stopping engine.
Sep 10 21:48:50 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 10 21:48:51 Network-Security-Event-Validation-System suricata: [27080] Info: suricata: time elapsed 326.413s
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27104] Perf: flow-manager: 50714 flows processed
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27089] Perf: af-packet: em2: (W#01-em2) kernel: Packets 98798, dropped 0
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27090] Perf: af-packet: em2: (W#02-em2) kernel: Packets 108447, dropped 0
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27091] Perf: af-packet: em2: (W#03-em2) kernel: Packets 246189, dropped 146
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27092] Perf: af-packet: em2: (W#04-em2) kernel: Packets 123704, dropped 0
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27094] Perf: af-packet: em2: (W#05-em2) kernel: Packets 113965, dropped 0
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27095] Perf: af-packet: em2: (W#06-em2) kernel: Packets 307585, dropped 8
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27096] Perf: af-packet: em4: (W#01-em4) kernel: Packets 1949124, dropped 3541
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27097] Perf: af-packet: em4: (W#02-em4) kernel: Packets 2112662, dropped 2732
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27098] Perf: af-packet: em4: (W#03-em4) kernel: Packets 1577997, dropped 2288
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27099] Perf: af-packet: em4: (W#04-em4) kernel: Packets 2345224, dropped 5670
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27100] Perf: af-packet: em4: (W#05-em4) kernel: Packets 2472580, dropped 5204
Sep 10 21:48:52 Network-Security-Event-Validation-System suricata: [27102] Perf: af-packet: em4: (W#06-em4) kernel: Packets 1716765, dropped 3127
Sep 10 21:48:53 Network-Security-Event-Validation-System suricata: [27080] Info: counters: Alerts: 0
Sep 10 21:48:53 Network-Security-Event-Validation-System suricata: [27080] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 10 21:48:53 Network-Security-Event-Validation-System suricata: [27080] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 10 21:48:54 Network-Security-Event-Validation-System suricata: [27080] Notice: device: em2: packets: 998688, drops: 154 (0.02%), invalid chksum: 0
Sep 10 21:48:54 Network-Security-Event-Validation-System suricata: [27080] Notice: device: em4: packets: 12174352, drops: 22562 (0.19%), invalid chksum: 0
Sep 10 21:48:54 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 10 21:48:55 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 10 21:48:55 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 10 21:48:55 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 10 21:48:55 Network-Security-Event-Validation-System root[27412]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: cpu: CPUs/cores online: 6
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: suricata: Setting engine mode to IDS mode by default
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: ioctl: em2: MTU 1500
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: ioctl: em4: MTU 1500
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: conf: Running in live mode, activating unix socket
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: log-pcap: Using log dir /home/pcap-log
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: log-pcap: Selected pcap-log compression method: none
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 10 21:48:55 Network-Security-Event-Validation-System suricata: [27411] Info: log-pcap: using Sguil compatible logging
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Info: detect: 5 rule files processed. 33269 rules successfully loaded, 0 rules failed
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Info: detect: 33270 signatures processed. 25 are IP-only rules, 7628 are inspecting packet payload, 25582 inspect application layer, 0 are decoder event only
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 10 21:48:59 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 10 21:49:00 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 10 21:49:00 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 10 21:49:00 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 10 21:49:00 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 21:49:00 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Unique rule groups: 191
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: Builtin MPM "other IP packet": 5
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 10 21:49:01 Network-Security-Event-Validation-System suricata: [27411] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 10 21:49:04 Network-Security-Event-Validation-System suricata: [27411] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 10 21:49:04 Network-Security-Event-Validation-System suricata: [27411] Info: runmodes: em2: creating 6 threads
Sep 10 21:49:04 Network-Security-Event-Validation-System suricata: [27421] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 10 21:49:04 Network-Security-Event-Validation-System suricata: [27421] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 10 21:49:05 Network-Security-Event-Validation-System suricata: [27411] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 10 21:49:05 Network-Security-Event-Validation-System suricata: [27411] Info: runmodes: em4: creating 6 threads
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27411] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27421] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27421] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27422] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27422] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27423] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27423] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27424] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27424] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27425] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27425] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27426] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27426] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27427] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27427] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27429] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27429] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27430] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27430] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27431] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27431] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27432] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27432] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27433] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 21:49:06 Network-Security-Event-Validation-System suricata: [27433] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 21:49:07 Network-Security-Event-Validation-System suricata: [27411] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 10 21:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 21:50:01 Network-Security-Event-Validation-System systemd: Started Session 5549 of user root.
Sep 10 21:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 21:50:05 Network-Security-Event-Validation-System root[27493]: CMDLOG: (10.45.118.23) - service suricta status
Sep 10 21:50:05 Network-Security-Event-Validation-System root[27506]: CMDLOG: (10.45.118.23) - history -a
Sep 10 21:50:20 Network-Security-Event-Validation-System root[27519]: CMDLOG: (10.45.118.23) - service suricata status
Sep 10 21:50:20 Network-Security-Event-Validation-System root[27531]: CMDLOG: (10.45.118.23) - history -a
Sep 10 22:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5550 of user root.
Sep 10 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5551 of user root.
Sep 10 22:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:01:01 Network-Security-Event-Validation-System systemd: Started Session 5552 of user root.
Sep 10 22:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:10:01 Network-Security-Event-Validation-System systemd: Started Session 5553 of user root.
Sep 10 22:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:20:01 Network-Security-Event-Validation-System systemd: Started Session 5554 of user root.
Sep 10 22:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:30:01 Network-Security-Event-Validation-System systemd: Started Session 5555 of user root.
Sep 10 22:30:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:40:01 Network-Security-Event-Validation-System systemd: Started Session 5556 of user root.
Sep 10 22:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 22:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 22:50:01 Network-Security-Event-Validation-System systemd: Started Session 5557 of user root.
Sep 10 22:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5558 of user root.
Sep 10 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5559 of user root.
Sep 10 23:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:01:01 Network-Security-Event-Validation-System systemd: Started Session 5560 of user root.
Sep 10 23:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:10:01 Network-Security-Event-Validation-System systemd: Started Session 5561 of user root.
Sep 10 23:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:20:01 Network-Security-Event-Validation-System systemd: Started Session 5562 of user root.
Sep 10 23:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:30:01 Network-Security-Event-Validation-System systemd: Started Session 5563 of user root.
Sep 10 23:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:40:01 Network-Security-Event-Validation-System systemd: Started Session 5564 of user root.
Sep 10 23:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:50:01 Network-Security-Event-Validation-System systemd: Started Session 5565 of user root.
Sep 10 23:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:53:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:53:01 Network-Security-Event-Validation-System systemd: Started Session 5566 of user root.
Sep 10 23:53:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:59:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 10 23:59:01 Network-Security-Event-Validation-System systemd: Started Session 5567 of user root.
Sep 10 23:59:01 Network-Security-Event-Validation-System suricata: [27411] Notice: suricata: Signal Received.  Stopping engine.
Sep 10 23:59:01 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 10 23:59:02 Network-Security-Event-Validation-System suricata: [27411] Info: suricata: time elapsed 7798.769s
Sep 10 23:59:03 Network-Security-Event-Validation-System suricata: [27435] Perf: flow-manager: 1107451 flows processed
Sep 10 23:59:03 Network-Security-Event-Validation-System suricata: [27421] Perf: af-packet: em2: (W#01-em2) kernel: Packets 3878436, dropped 3
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27422] Perf: af-packet: em2: (W#02-em2) kernel: Packets 3643584, dropped 0
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27423] Perf: af-packet: em2: (W#03-em2) kernel: Packets 6065428, dropped 288
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27424] Perf: af-packet: em2: (W#04-em2) kernel: Packets 4264061, dropped 132
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27425] Perf: af-packet: em2: (W#05-em2) kernel: Packets 4359932, dropped 460
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27426] Perf: af-packet: em2: (W#06-em2) kernel: Packets 6576011, dropped 122
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27427] Perf: af-packet: em4: (W#01-em4) kernel: Packets 46642258, dropped 4877
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27429] Perf: af-packet: em4: (W#02-em4) kernel: Packets 48192891, dropped 5960
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27430] Perf: af-packet: em4: (W#03-em4) kernel: Packets 41237544, dropped 6190
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27431] Perf: af-packet: em4: (W#04-em4) kernel: Packets 55756031, dropped 8298
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27432] Perf: af-packet: em4: (W#05-em4) kernel: Packets 52372703, dropped 6584
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27433] Perf: af-packet: em4: (W#06-em4) kernel: Packets 41882190, dropped 6818
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27411] Info: counters: Alerts: 14
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27411] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 10 23:59:04 Network-Security-Event-Validation-System suricata: [27411] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 10 23:59:05 Network-Security-Event-Validation-System suricata: [27411] Notice: device: em2: packets: 28787452, drops: 1005 (0.00%), invalid chksum: 0
Sep 10 23:59:05 Network-Security-Event-Validation-System suricata: [27411] Notice: device: em4: packets: 286083617, drops: 38727 (0.01%), invalid chksum: 0
Sep 10 23:59:06 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 10 23:59:06 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 10 23:59:06 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 10 23:59:06 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: cpu: CPUs/cores online: 6
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: suricata: Setting engine mode to IDS mode by default
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: ioctl: em2: MTU 1500
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: ioctl: em4: MTU 1500
Sep 10 23:59:06 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: conf: Running in live mode, activating unix socket
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: log-pcap: Using log dir /home/pcap-log
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: log-pcap: Selected pcap-log compression method: none
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 10 23:59:06 Network-Security-Event-Validation-System suricata: [1545] Info: log-pcap: using Sguil compatible logging
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Info: detect: 5 rule files processed. 33269 rules successfully loaded, 0 rules failed
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 10 23:59:10 Network-Security-Event-Validation-System suricata: [1545] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Info: detect: 33270 signatures processed. 25 are IP-only rules, 7628 are inspecting packet payload, 25582 inspect application layer, 0 are decoder event only
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 23:59:11 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Unique rule groups: 191
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: Builtin MPM "other IP packet": 5
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 10 23:59:12 Network-Security-Event-Validation-System suricata: [1545] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 10 23:59:15 Network-Security-Event-Validation-System suricata: [1545] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 10 23:59:15 Network-Security-Event-Validation-System suricata: [1545] Info: runmodes: em2: creating 6 threads
Sep 10 23:59:15 Network-Security-Event-Validation-System suricata: [1559] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 10 23:59:15 Network-Security-Event-Validation-System suricata: [1559] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 10 23:59:16 Network-Security-Event-Validation-System suricata: [1545] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 10 23:59:16 Network-Security-Event-Validation-System suricata: [1545] Info: runmodes: em4: creating 6 threads
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1545] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1559] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:17 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1559] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1560] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1560] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1561] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1561] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1564] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1564] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1566] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:17 Network-Security-Event-Validation-System suricata: [1566] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1567] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1567] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1568] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1568] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1569] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1569] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1570] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1570] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1571] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1571] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1572] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1572] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1574] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1574] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 10 23:59:18 Network-Security-Event-Validation-System suricata: [1545] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 11 00:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5569 of user root.
Sep 11 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5568 of user root.
Sep 11 00:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:00:09 Network-Security-Event-Validation-System kernel: W#03-em4[1570]: segfault at 8 ip 0000000000682e3a sp 00007f1cbb8390e0 error 4 in suricata[400000+995000]
Sep 11 00:00:33 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 11 00:00:33 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 11 00:00:33 Network-Security-Event-Validation-System systemd: suricata.service: main process exited, code=killed, status=11/SEGV
Sep 11 00:00:33 Network-Security-Event-Validation-System systemd: Unit suricata.service entered failed state.
Sep 11 00:00:33 Network-Security-Event-Validation-System systemd: suricata.service failed.
Sep 11 00:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:01:01 Network-Security-Event-Validation-System systemd: Started Session 5570 of user root.
Sep 11 00:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:10:01 Network-Security-Event-Validation-System systemd: Started Session 5571 of user root.
Sep 11 00:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:20:01 Network-Security-Event-Validation-System systemd: Started Session 5572 of user root.
Sep 11 00:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:30:01 Network-Security-Event-Validation-System systemd: Started Session 5573 of user root.
Sep 11 00:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:40:01 Network-Security-Event-Validation-System systemd: Started Session 5574 of user root.
Sep 11 00:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 00:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 00:50:01 Network-Security-Event-Validation-System systemd: Started Session 5575 of user root.
Sep 11 00:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5576 of user root.
Sep 11 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5577 of user root.
Sep 11 01:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:01:01 Network-Security-Event-Validation-System systemd: Started Session 5578 of user root.
Sep 11 01:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:10:01 Network-Security-Event-Validation-System systemd: Started Session 5579 of user root.
Sep 11 01:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:20:01 Network-Security-Event-Validation-System systemd: Started Session 5580 of user root.
Sep 11 01:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:30:01 Network-Security-Event-Validation-System systemd: Started Session 5581 of user root.
Sep 11 01:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:40:01 Network-Security-Event-Validation-System systemd: Started Session 5582 of user root.
Sep 11 01:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 01:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 01:50:01 Network-Security-Event-Validation-System systemd: Started Session 5583 of user root.
Sep 11 01:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5584 of user root.
Sep 11 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5585 of user root.
Sep 11 02:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:01:01 Network-Security-Event-Validation-System systemd: Started Session 5586 of user root.
Sep 11 02:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:10:01 Network-Security-Event-Validation-System systemd: Started Session 5587 of user root.
Sep 11 02:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:20:01 Network-Security-Event-Validation-System systemd: Started Session 5588 of user root.
Sep 11 02:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:30:01 Network-Security-Event-Validation-System systemd: Started Session 5589 of user root.
Sep 11 02:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:40:01 Network-Security-Event-Validation-System systemd: Started Session 5590 of user root.
Sep 11 02:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 02:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 02:50:01 Network-Security-Event-Validation-System systemd: Started Session 5591 of user root.
Sep 11 02:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 03:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5592 of user root.
Sep 11 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5593 of user root.
Sep 11 03:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 03:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 03:01:01 Network-Security-Event-Validation-System systemd: Started Session 5594 of user root.
Sep 11 03:10:01 Network-Security-Event-Validation-System systemd: Started Session 5595 of user root.
Sep 11 03:20:01 Network-Security-Event-Validation-System systemd: Started Session 5596 of user root.
Sep 11 03:30:01 Network-Security-Event-Validation-System systemd: Started Session 5597 of user root.
Sep 11 03:40:02 Network-Security-Event-Validation-System systemd: Started Session 5598 of user root.
Sep 11 03:43:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 03:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 03:50:01 Network-Security-Event-Validation-System systemd: Started Session 5599 of user root.
Sep 11 03:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5600 of user root.
Sep 11 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5601 of user root.
Sep 11 04:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:01:01 Network-Security-Event-Validation-System systemd: Started Session 5602 of user root.
Sep 11 04:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:10:01 Network-Security-Event-Validation-System systemd: Started Session 5603 of user root.
Sep 11 04:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:20:01 Network-Security-Event-Validation-System systemd: Started Session 5604 of user root.
Sep 11 04:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:30:01 Network-Security-Event-Validation-System systemd: Started Session 5605 of user root.
Sep 11 04:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:40:01 Network-Security-Event-Validation-System systemd: Started Session 5606 of user root.
Sep 11 04:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 04:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 04:50:01 Network-Security-Event-Validation-System systemd: Started Session 5607 of user root.
Sep 11 04:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5608 of user root.
Sep 11 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5609 of user root.
Sep 11 05:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:01:01 Network-Security-Event-Validation-System systemd: Started Session 5610 of user root.
Sep 11 05:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:10:01 Network-Security-Event-Validation-System systemd: Started Session 5611 of user root.
Sep 11 05:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:20:01 Network-Security-Event-Validation-System systemd: Started Session 5612 of user root.
Sep 11 05:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:30:01 Network-Security-Event-Validation-System systemd: Started Session 5613 of user root.
Sep 11 05:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:40:01 Network-Security-Event-Validation-System systemd: Started Session 5614 of user root.
Sep 11 05:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 05:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 05:50:01 Network-Security-Event-Validation-System systemd: Started Session 5615 of user root.
Sep 11 05:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5616 of user root.
Sep 11 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5617 of user root.
Sep 11 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5618 of user root.
Sep 11 06:00:53 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:01:01 Network-Security-Event-Validation-System systemd: Started Session 5619 of user root.
Sep 11 06:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:10:01 Network-Security-Event-Validation-System systemd: Started Session 5620 of user root.
Sep 11 06:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:20:01 Network-Security-Event-Validation-System systemd: Started Session 5621 of user root.
Sep 11 06:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:30:01 Network-Security-Event-Validation-System systemd: Started Session 5622 of user root.
Sep 11 06:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:40:01 Network-Security-Event-Validation-System systemd: Started Session 5623 of user root.
Sep 11 06:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 06:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 06:50:01 Network-Security-Event-Validation-System systemd: Started Session 5624 of user root.
Sep 11 06:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5625 of user root.
Sep 11 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5626 of user root.
Sep 11 07:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:01:01 Network-Security-Event-Validation-System systemd: Started Session 5627 of user root.
Sep 11 07:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:10:01 Network-Security-Event-Validation-System systemd: Started Session 5628 of user root.
Sep 11 07:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:20:01 Network-Security-Event-Validation-System systemd: Started Session 5629 of user root.
Sep 11 07:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:30:01 Network-Security-Event-Validation-System systemd: Started Session 5630 of user root.
Sep 11 07:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:40:01 Network-Security-Event-Validation-System systemd: Started Session 5631 of user root.
Sep 11 07:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 07:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 07:50:01 Network-Security-Event-Validation-System systemd: Started Session 5632 of user root.
Sep 11 07:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5633 of user root.
Sep 11 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5634 of user root.
Sep 11 08:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:01:01 Network-Security-Event-Validation-System systemd: Started Session 5635 of user root.
Sep 11 08:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:10:01 Network-Security-Event-Validation-System systemd: Started Session 5636 of user root.
Sep 11 08:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:20:01 Network-Security-Event-Validation-System systemd: Started Session 5637 of user root.
Sep 11 08:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:30:01 Network-Security-Event-Validation-System systemd: Started Session 5638 of user root.
Sep 11 08:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:40:01 Network-Security-Event-Validation-System systemd: Started Session 5639 of user root.
Sep 11 08:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 08:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 08:50:01 Network-Security-Event-Validation-System systemd: Started Session 5640 of user root.
Sep 11 08:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5641 of user root.
Sep 11 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5643 of user root.
Sep 11 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5642 of user root.
Sep 11 09:00:05 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:01:01 Network-Security-Event-Validation-System systemd: Started Session 5644 of user root.
Sep 11 09:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:10:01 Network-Security-Event-Validation-System systemd: Started Session 5645 of user root.
Sep 11 09:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:20:01 Network-Security-Event-Validation-System systemd: Started Session 5646 of user root.
Sep 11 09:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:30:01 Network-Security-Event-Validation-System systemd: Started Session 5647 of user root.
Sep 11 09:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:40:01 Network-Security-Event-Validation-System systemd: Started Session 5648 of user root.
Sep 11 09:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 09:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 09:50:01 Network-Security-Event-Validation-System systemd: Started Session 5649 of user root.
Sep 11 09:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5650 of user root.
Sep 11 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5651 of user root.
Sep 11 10:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:01:01 Network-Security-Event-Validation-System systemd: Started Session 5652 of user root.
Sep 11 10:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:10:01 Network-Security-Event-Validation-System systemd: Started Session 5653 of user root.
Sep 11 10:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:20:01 Network-Security-Event-Validation-System systemd: Started Session 5654 of user root.
Sep 11 10:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:27:37 Network-Security-Event-Validation-System sshd[32653]: Accepted password for root from 10.45.118.19 port 50405 ssh2
Sep 11 10:27:38 Network-Security-Event-Validation-System root[32688]: CMDLOG: (10.45.118.19) - PATH=$PATH:$HOME/bin
Sep 11 10:27:38 Network-Security-Event-Validation-System root[32689]: CMDLOG: (10.45.118.19) - export PATH
Sep 11 10:27:38 Network-Security-Event-Validation-System root[32690]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:27:40 Network-Security-Event-Validation-System root[32702]: CMDLOG:  - /usr/libexec/sftp-server
Sep 11 10:27:40 Network-Security-Event-Validation-System sftp-server[32692]: error: Unknown extended request "fs-multiple-roots-supported@vandyke.com"
Sep 11 10:27:40 Network-Security-Event-Validation-System sftp-server[32692]: error: Unknown extended request "vendor-id"
Sep 11 10:28:14 Network-Security-Event-Validation-System root[32730]: CMDLOG: (10.45.118.19) - service suricata status
Sep 11 10:28:14 Network-Security-Event-Validation-System root[32743]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:28:42 Network-Security-Event-Validation-System root[32767]: CMDLOG: (10.45.118.19) - suricata suricata start
Sep 11 10:28:42 Network-Security-Event-Validation-System root[301]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:28:54 Network-Security-Event-Validation-System root[312]: CMDLOG: (10.45.118.19) - service suricata start
Sep 11 10:28:54 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 11 10:28:54 Network-Security-Event-Validation-System root[354]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:28:54 Network-Security-Event-Validation-System suricata: [353] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 11 10:28:54 Network-Security-Event-Validation-System suricata: [353] Info: cpu: CPUs/cores online: 6
Sep 11 10:28:54 Network-Security-Event-Validation-System suricata: [353] Info: suricata: Setting engine mode to IDS mode by default
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: ioctl: em2: MTU 1500
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: ioctl: em4: MTU 1500
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: conf: Running in live mode, activating unix socket
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: log-pcap: Using log dir /home/pcap-log
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: log-pcap: Selected pcap-log compression method: none
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 11 10:28:55 Network-Security-Event-Validation-System suricata: [353] Info: log-pcap: using Sguil compatible logging
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Info: detect: 5 rule files processed. 33392 rules successfully loaded, 0 rules failed
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Info: detect: 33393 signatures processed. 25 are IP-only rules, 7677 are inspecting packet payload, 25656 inspect application layer, 0 are decoder event only
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 11 10:28:59 Network-Security-Event-Validation-System suricata: [353] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 11 10:29:00 Network-Security-Event-Validation-System suricata: [353] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 11 10:29:00 Network-Security-Event-Validation-System suricata: [353] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 11 10:29:00 Network-Security-Event-Validation-System suricata: [353] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 11 10:29:00 Network-Security-Event-Validation-System suricata: [353] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 10:29:00 Network-Security-Event-Validation-System suricata: [353] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Unique rule groups: 191
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: Builtin MPM "other IP packet": 5
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 11 10:29:01 Network-Security-Event-Validation-System suricata: [353] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 11 10:29:04 Network-Security-Event-Validation-System suricata: [353] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 11 10:29:04 Network-Security-Event-Validation-System suricata: [353] Info: runmodes: em2: creating 6 threads
Sep 11 10:29:04 Network-Security-Event-Validation-System suricata: [364] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 11 10:29:04 Network-Security-Event-Validation-System suricata: [364] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 11 10:29:05 Network-Security-Event-Validation-System suricata: [353] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 11 10:29:05 Network-Security-Event-Validation-System suricata: [353] Info: runmodes: em4: creating 6 threads
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [353] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [364] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [364] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [365] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [365] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [366] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [366] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [367] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [367] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [369] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [369] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [370] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [370] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [371] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [371] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [372] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [372] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [373] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [373] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [374] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [374] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:06 Network-Security-Event-Validation-System suricata: [375] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:07 Network-Security-Event-Validation-System suricata: [375] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:07 Network-Security-Event-Validation-System suricata: [377] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:29:07 Network-Security-Event-Validation-System suricata: [377] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:29:07 Network-Security-Event-Validation-System suricata: [353] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 11 10:29:18 Network-Security-Event-Validation-System root[392]: CMDLOG: (10.45.118.19) - cat /etc/contab
Sep 11 10:29:18 Network-Security-Event-Validation-System root[394]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:29:24 Network-Security-Event-Validation-System root[400]: CMDLOG: (10.45.118.19) - cat /etc/crontab
Sep 11 10:29:24 Network-Security-Event-Validation-System root[402]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:29:44 Network-Security-Event-Validation-System root[419]: CMDLOG: (10.45.118.19) - vim /etc/crontab
Sep 11 10:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:30:01 Network-Security-Event-Validation-System systemd: Started Session 5655 of user root.
Sep 11 10:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:30:50 Network-Security-Event-Validation-System root[497]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:31:00 Network-Security-Event-Validation-System root[506]: CMDLOG: (10.45.118.19) - cat /var/log/cron
Sep 11 10:31:00 Network-Security-Event-Validation-System root[509]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:31:50 Network-Security-Event-Validation-System root[550]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:31:57 Network-Security-Event-Validation-System root[557]: CMDLOG: (10.45.118.19) - journalctl -u suricata
Sep 11 10:33:40 Network-Security-Event-Validation-System root[648]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:33:52 Network-Security-Event-Validation-System root[659]: CMDLOG: (10.45.118.19) - htop
Sep 11 10:33:59 Network-Security-Event-Validation-System root[666]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:01 Network-Security-Event-Validation-System root[669]: CMDLOG: (10.45.118.19) - crontbal
Sep 11 10:34:01 Network-Security-Event-Validation-System root[671]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:05 Network-Security-Event-Validation-System root[675]: CMDLOG: (10.45.118.19) - ctontab
Sep 11 10:34:05 Network-Security-Event-Validation-System root[678]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:12 Network-Security-Event-Validation-System root[685]: CMDLOG: (10.45.118.19) - crontab -L
Sep 11 10:34:12 Network-Security-Event-Validation-System root[687]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:17 Network-Security-Event-Validation-System root[692]: CMDLOG: (10.45.118.19) - crontab -l
Sep 11 10:34:17 Network-Security-Event-Validation-System root[694]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:49 Network-Security-Event-Validation-System root[740]: CMDLOG: (10.45.118.19) - cat /etc/crontab
Sep 11 10:34:49 Network-Security-Event-Validation-System root[742]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:34:56 Network-Security-Event-Validation-System root[750]: CMDLOG: (10.45.118.19) - cat /home/Suricata/log/suricata/suricata-logrotate
Sep 11 10:34:56 Network-Security-Event-Validation-System root[752]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:35:07 Network-Security-Event-Validation-System root[761]: CMDLOG: (10.45.118.19) - ifconfig
Sep 11 10:35:07 Network-Security-Event-Validation-System root[763]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:35:26 Network-Security-Event-Validation-System root[780]: CMDLOG: (10.45.118.19) - cat /var/log/message
Sep 11 10:35:26 Network-Security-Event-Validation-System root[783]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:40:01 Network-Security-Event-Validation-System systemd: Started Session 5656 of user root.
Sep 11 10:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:45:46 Network-Security-Event-Validation-System root[1307]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:45:46 Network-Security-Event-Validation-System root[1308]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:45:46 Network-Security-Event-Validation-System root[1310]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:45:46 Network-Security-Event-Validation-System root[1311]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:01 Network-Security-Event-Validation-System root[1357]: CMDLOG: (10.45.118.19) - PATH=$PATH:$HOME/bin
Sep 11 10:46:01 Network-Security-Event-Validation-System root[1358]: CMDLOG: (10.45.118.19) - export PATH
Sep 11 10:46:01 Network-Security-Event-Validation-System root[1360]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:03 Network-Security-Event-Validation-System root[1362]: CMDLOG: (10.45.118.19) - htop
Sep 11 10:46:13 Network-Security-Event-Validation-System root[1372]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:13 Network-Security-Event-Validation-System root[1373]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:13 Network-Security-Event-Validation-System root[1374]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:13 Network-Security-Event-Validation-System root[1375]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:14 Network-Security-Event-Validation-System root[1377]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:46:14 Network-Security-Event-Validation-System root[1379]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1380]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1382]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1383]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1384]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1385]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1386]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1387]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1388]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:15 Network-Security-Event-Validation-System root[1389]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:42 Network-Security-Event-Validation-System root[1413]: CMDLOG: (10.45.118.19) - logrotate -vf /home/Suricata/log/suricata/suricata-logrotate
Sep 11 10:46:42 Network-Security-Event-Validation-System suricata: [353] Notice: suricata: Signal Received.  Stopping engine.
Sep 11 10:46:42 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 11 10:46:45 Network-Security-Event-Validation-System suricata: [353] Info: suricata: time elapsed 1061.790s
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [379] Perf: flow-manager: 1426397 flows processed
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [364] Perf: af-packet: em2: (W#01-em2) kernel: Packets 16764939, dropped 79825
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [365] Perf: af-packet: em2: (W#02-em2) kernel: Packets 16923022, dropped 49399
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [366] Perf: af-packet: em2: (W#03-em2) kernel: Packets 16798503, dropped 58746
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [367] Perf: af-packet: em2: (W#04-em2) kernel: Packets 15773241, dropped 41106
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [369] Perf: af-packet: em2: (W#05-em2) kernel: Packets 15699495, dropped 32662
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [370] Perf: af-packet: em2: (W#06-em2) kernel: Packets 16157648, dropped 38683
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [371] Perf: af-packet: em4: (W#01-em4) kernel: Packets 16592934, dropped 77526
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [372] Perf: af-packet: em4: (W#02-em4) kernel: Packets 13640377, dropped 47327
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [373] Perf: af-packet: em4: (W#03-em4) kernel: Packets 13890733, dropped 50113
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [374] Perf: af-packet: em4: (W#04-em4) kernel: Packets 14524215, dropped 42237
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [375] Perf: af-packet: em4: (W#05-em4) kernel: Packets 15371708, dropped 46501
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [377] Perf: af-packet: em4: (W#06-em4) kernel: Packets 17188464, dropped 50160
Sep 11 10:46:47 Network-Security-Event-Validation-System suricata: [353] Info: counters: Alerts: 65
Sep 11 10:46:48 Network-Security-Event-Validation-System suricata: [353] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 11 10:46:48 Network-Security-Event-Validation-System suricata: [353] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 11 10:46:49 Network-Security-Event-Validation-System suricata: [353] Notice: device: em2: packets: 98116848, drops: 300421 (0.31%), invalid chksum: 0
Sep 11 10:46:49 Network-Security-Event-Validation-System suricata: [353] Notice: device: em4: packets: 91208431, drops: 313864 (0.34%), invalid chksum: 0
Sep 11 10:46:50 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 11 10:46:50 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 11 10:46:50 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 11 10:46:50 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: cpu: CPUs/cores online: 6
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: suricata: Setting engine mode to IDS mode by default
Sep 11 10:46:50 Network-Security-Event-Validation-System root[1441]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: ioctl: em2: MTU 1500
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: ioctl: em4: MTU 1500
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: conf: Running in live mode, activating unix socket
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: log-pcap: Using log dir /home/pcap-log
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: log-pcap: Selected pcap-log compression method: none
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 11 10:46:50 Network-Security-Event-Validation-System suricata: [1440] Info: log-pcap: using Sguil compatible logging
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Info: detect: 5 rule files processed. 33392 rules successfully loaded, 0 rules failed
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Info: detect: 33393 signatures processed. 25 are IP-only rules, 7677 are inspecting packet payload, 25656 inspect application layer, 0 are decoder event only
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 11 10:46:54 Network-Security-Event-Validation-System suricata: [1440] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 10:46:55 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Unique rule groups: 191
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: Builtin MPM "other IP packet": 5
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 11 10:46:56 Network-Security-Event-Validation-System suricata: [1440] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 11 10:46:59 Network-Security-Event-Validation-System suricata: [1440] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 11 10:46:59 Network-Security-Event-Validation-System suricata: [1440] Info: runmodes: em2: creating 6 threads
Sep 11 10:46:59 Network-Security-Event-Validation-System suricata: [1449] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 11 10:46:59 Network-Security-Event-Validation-System suricata: [1449] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 11 10:47:00 Network-Security-Event-Validation-System suricata: [1440] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 11 10:47:00 Network-Security-Event-Validation-System suricata: [1440] Info: runmodes: em4: creating 6 threads
Sep 11 10:47:00 Network-Security-Event-Validation-System root[1490]: CMDLOG: (10.45.118.19) - PATH=$PATH:$HOME/bin
Sep 11 10:47:00 Network-Security-Event-Validation-System root[1491]: CMDLOG: (10.45.118.19) - export PATH
Sep 11 10:47:00 Network-Security-Event-Validation-System root[1492]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1440] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1449] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1449] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1450] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1450] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1451] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1451] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1453] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1453] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1454] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1454] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1455] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1455] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1456] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1456] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1468] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:01 Network-Security-Event-Validation-System suricata: [1468] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1493] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1493] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1494] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1494] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1496] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1496] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1497] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1497] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 10:47:02 Network-Security-Event-Validation-System suricata: [1440] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 11 10:47:25 Network-Security-Event-Validation-System root[1522]: CMDLOG: (10.45.118.19) - tailf /home/Suricata/log/suricata/suricata.log
Sep 11 10:48:29 Network-Security-Event-Validation-System root[1576]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:46 Network-Security-Event-Validation-System root[1591]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:46 Network-Security-Event-Validation-System root[1592]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:50 Network-Security-Event-Validation-System root[1596]: CMDLOG: (10.45.118.19) - cd /home/Suricata
Sep 11 10:48:50 Network-Security-Event-Validation-System root[1597]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:50 Network-Security-Event-Validation-System root[1598]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:48:50 Network-Security-Event-Validation-System root[1600]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:53 Network-Security-Event-Validation-System root[1603]: CMDLOG: (10.45.118.19) - cd log
Sep 11 10:48:53 Network-Security-Event-Validation-System root[1604]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:53 Network-Security-Event-Validation-System root[1606]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:48:53 Network-Security-Event-Validation-System root[1608]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:55 Network-Security-Event-Validation-System root[1611]: CMDLOG: (10.45.118.19) - cd suricata
Sep 11 10:48:55 Network-Security-Event-Validation-System root[1612]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:48:56 Network-Security-Event-Validation-System root[1614]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:48:56 Network-Security-Event-Validation-System root[1616]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:49:13 Network-Security-Event-Validation-System root[1630]: CMDLOG: (10.45.118.19) - rm -i eve.json-eve.json-20230911
Sep 11 10:49:13 Network-Security-Event-Validation-System root[1632]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:49:18 Network-Security-Event-Validation-System root[1637]: CMDLOG: (10.45.118.19) - rm -i eve.json-20230911
Sep 11 10:49:19 Network-Security-Event-Validation-System root[1640]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:49:23 Network-Security-Event-Validation-System root[1645]: CMDLOG: (10.45.118.19) - service suricata status
Sep 11 10:49:23 Network-Security-Event-Validation-System root[1657]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:49:40 Network-Security-Event-Validation-System root[1671]: CMDLOG: (10.45.118.19) - cd ~
Sep 11 10:49:40 Network-Security-Event-Validation-System root[1672]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:49:41 Network-Security-Event-Validation-System root[1674]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:49:41 Network-Security-Event-Validation-System root[1676]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 10:50:01 Network-Security-Event-Validation-System systemd: Started Session 5657 of user root.
Sep 11 10:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 10:51:04 Network-Security-Event-Validation-System root[1753]: CMDLOG: (10.45.118.19) - rm -i *.cap -rf
Sep 11 10:51:04 Network-Security-Event-Validation-System root[1755]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:11 Network-Security-Event-Validation-System root[1762]: CMDLOG: (10.45.118.19) - rm -i *.pcap -rf
Sep 11 10:51:11 Network-Security-Event-Validation-System root[1764]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:11 Network-Security-Event-Validation-System root[1765]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:51:11 Network-Security-Event-Validation-System root[1767]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:18 Network-Security-Event-Validation-System root[1774]: CMDLOG: (10.45.118.19) - rm -i *.tar -rf
Sep 11 10:51:18 Network-Security-Event-Validation-System root[1776]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:18 Network-Security-Event-Validation-System root[1778]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:51:18 Network-Security-Event-Validation-System root[1780]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:28 Network-Security-Event-Validation-System root[1788]: CMDLOG: (10.45.118.19) - rm -i *.tar -rf
Sep 11 10:51:28 Network-Security-Event-Validation-System root[1790]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:28 Network-Security-Event-Validation-System root[1792]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:51:28 Network-Security-Event-Validation-System root[1794]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:40 Network-Security-Event-Validation-System root[1805]: CMDLOG: (10.45.118.19) - rm -i *.rpm -rf
Sep 11 10:51:40 Network-Security-Event-Validation-System root[1807]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:41 Network-Security-Event-Validation-System root[1809]: CMDLOG: (10.45.118.19) - l
Sep 11 10:51:41 Network-Security-Event-Validation-System root[1811]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:42 Network-Security-Event-Validation-System root[1813]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:51:42 Network-Security-Event-Validation-System root[1816]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:56 Network-Security-Event-Validation-System root[1828]: CMDLOG: (10.45.118.19) - rm -i *.tar.gz -rf
Sep 11 10:51:56 Network-Security-Event-Validation-System root[1830]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:51:57 Network-Security-Event-Validation-System root[1831]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:51:57 Network-Security-Event-Validation-System root[1833]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:52:03 Network-Security-Event-Validation-System root[1846]: CMDLOG: (10.45.118.19) - rm -i *.zip -rf
Sep 11 10:52:03 Network-Security-Event-Validation-System root[1848]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:52:03 Network-Security-Event-Validation-System root[1850]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:52:03 Network-Security-Event-Validation-System root[1852]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:52:20 Network-Security-Event-Validation-System root[1866]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto -h
Sep 11 10:52:20 Network-Security-Event-Validation-System root[1868]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:52:35 Network-Security-Event-Validation-System root[1882]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:52:35 Network-Security-Event-Validation-System root[1884]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:05 Network-Security-Event-Validation-System root[1909]: CMDLOG: (10.45.118.19) - clamscan
Sep 11 10:53:05 Network-Security-Event-Validation-System root[1911]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:20 Network-Security-Event-Validation-System root[1924]: CMDLOG: (10.45.118.19) - find / -name clam*
Sep 11 10:53:42 Network-Security-Event-Validation-System root[1943]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:45 Network-Security-Event-Validation-System root[1947]: CMDLOG: (10.45.118.19) - rm -i *.log -rf
Sep 11 10:53:45 Network-Security-Event-Validation-System root[1949]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:45 Network-Security-Event-Validation-System root[1950]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:53:45 Network-Security-Event-Validation-System root[1952]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:54 Network-Security-Event-Validation-System root[1960]: CMDLOG: (10.45.118.19) - rm -i *.sh -rf
Sep 11 10:53:54 Network-Security-Event-Validation-System root[1962]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:53:55 Network-Security-Event-Validation-System root[1964]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:53:55 Network-Security-Event-Validation-System root[1966]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:54:07 Network-Security-Event-Validation-System root[1976]: CMDLOG: (10.45.118.19) - rm -i py-alert* -rf
Sep 11 10:54:07 Network-Security-Event-Validation-System root[1978]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:54:07 Network-Security-Event-Validation-System root[1980]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:54:07 Network-Security-Event-Validation-System root[1982]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:54:20 Network-Security-Event-Validation-System root[1993]: CMDLOG: (10.45.118.19) - suricata -T -c /etc/suricata/suricata.yaml
Sep 11 10:54:20 Network-Security-Event-Validation-System root[1995]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:55:15 Network-Security-Event-Validation-System root[2042]: CMDLOG: (10.45.118.19) - rm -i --
Sep 11 10:55:15 Network-Security-Event-Validation-System root[2044]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:56:11 Network-Security-Event-Validation-System root[2090]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:56:11 Network-Security-Event-Validation-System root[2092]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:56:38 Network-Security-Event-Validation-System root[2114]: CMDLOG: (10.45.118.19) - rm -i evebox * -rf
Sep 11 10:56:44 Network-Security-Event-Validation-System root[2121]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:56:45 Network-Security-Event-Validation-System root[2123]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 10:56:45 Network-Security-Event-Validation-System root[2125]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:56:46 Network-Security-Event-Validation-System root[2127]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto
Sep 11 10:56:46 Network-Security-Event-Validation-System root[2129]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:57:41 Network-Security-Event-Validation-System root[2174]: CMDLOG: (10.45.118.19) - cat /etc/crontab
Sep 11 10:57:41 Network-Security-Event-Validation-System root[2176]: CMDLOG: (10.45.118.19) - history -a
Sep 11 10:58:18 Network-Security-Event-Validation-System root[2217]: CMDLOG:  - /usr/libexec/sftp-server
Sep 11 10:58:18 Network-Security-Event-Validation-System sftp-server[2207]: error: Unknown extended request "fs-multiple-roots-supported@vandyke.com"
Sep 11 10:58:18 Network-Security-Event-Validation-System sftp-server[2207]: error: Unknown extended request "vendor-id"
Sep 11 11:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5659 of user root.
Sep 11 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5658 of user root.
Sep 11 11:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:00:20 Network-Security-Event-Validation-System root[2333]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:20 Network-Security-Event-Validation-System root[2334]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:20 Network-Security-Event-Validation-System root[2335]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:00:20 Network-Security-Event-Validation-System root[2337]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:23 Network-Security-Event-Validation-System root[2341]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:00:23 Network-Security-Event-Validation-System root[2343]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:24 Network-Security-Event-Validation-System root[2345]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto -h
Sep 11 11:00:24 Network-Security-Event-Validation-System root[2347]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:37 Network-Security-Event-Validation-System root[2358]: CMDLOG: (10.45.118.19) - cat /etc/crontab
Sep 11 11:00:37 Network-Security-Event-Validation-System root[2360]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:44 Network-Security-Event-Validation-System root[2366]: CMDLOG: (10.45.118.19) - python3 /root/sec_news.py
Sep 11 11:00:46 Network-Security-Event-Validation-System root[2370]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:00:52 Network-Security-Event-Validation-System root[2376]: CMDLOG: (10.45.118.19) - python3 /root/alert_early_warning_system-v3.py
Sep 11 11:00:52 Network-Security-Event-Validation-System root[2378]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:01:01 Network-Security-Event-Validation-System systemd: Started Session 5660 of user root.
Sep 11 11:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:01:02 Network-Security-Event-Validation-System root[2401]: CMDLOG: (10.45.118.19) - python3 /root/py-email-4.py
Sep 11 11:01:05 Network-Security-Event-Validation-System root[2417]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:14 Network-Security-Event-Validation-System root[2425]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:15 Network-Security-Event-Validation-System root[2426]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:15 Network-Security-Event-Validation-System root[2427]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:15 Network-Security-Event-Validation-System root[2428]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:01:15 Network-Security-Event-Validation-System root[2430]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:19 Network-Security-Event-Validation-System root[2434]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto -h
Sep 11 11:01:19 Network-Security-Event-Validation-System root[2436]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:01:55 Network-Security-Event-Validation-System root[2467]: CMDLOG: (10.45.118.19) - vim /WEB/suricata/app01/views/index.py
Sep 11 11:02:40 Network-Security-Event-Validation-System root[2511]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:04:37 Network-Security-Event-Validation-System root[2637]: CMDLOG: (10.45.118.19) - vim /WEB/suricata/suricata/settings.py
Sep 11 11:05:04 Network-Security-Event-Validation-System root[2662]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:05 Network-Security-Event-Validation-System root[2663]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:05 Network-Security-Event-Validation-System root[2665]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:07 Network-Security-Event-Validation-System root[2668]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto -h
Sep 11 11:05:07 Network-Security-Event-Validation-System root[2670]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:13 Network-Security-Event-Validation-System root[2676]: CMDLOG: (10.45.118.19) - cat news.xml
Sep 11 11:05:13 Network-Security-Event-Validation-System root[2678]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:15 Network-Security-Event-Validation-System root[2680]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:15 Network-Security-Event-Validation-System root[2682]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:15 Network-Security-Event-Validation-System root[2684]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:17 Network-Security-Event-Validation-System root[2686]: CMDLOG: (10.45.118.19) - lls
Sep 11 11:05:17 Network-Security-Event-Validation-System root[2688]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:19 Network-Security-Event-Validation-System root[2690]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:19 Network-Security-Event-Validation-System root[2692]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:29 Network-Security-Event-Validation-System root[2702]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:29 Network-Security-Event-Validation-System root[2703]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:31 Network-Security-Event-Validation-System root[2705]: CMDLOG: (10.45.118.19) - cd /home
Sep 11 11:05:31 Network-Security-Event-Validation-System root[2706]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:31 Network-Security-Event-Validation-System root[2707]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:31 Network-Security-Event-Validation-System root[2709]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:36 Network-Security-Event-Validation-System root[2714]: CMDLOG: (10.45.118.19) - cd Clamav
Sep 11 11:05:36 Network-Security-Event-Validation-System root[2715]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:36 Network-Security-Event-Validation-System root[2716]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:36 Network-Security-Event-Validation-System root[2718]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:40 Network-Security-Event-Validation-System root[2722]: CMDLOG: (10.45.118.19) - cd Clamav
Sep 11 11:05:40 Network-Security-Event-Validation-System root[2723]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:46 Network-Security-Event-Validation-System root[2729]: CMDLOG: (10.45.118.19) - cd ClamAV
Sep 11 11:05:46 Network-Security-Event-Validation-System root[2730]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:47 Network-Security-Event-Validation-System root[2732]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:47 Network-Security-Event-Validation-System root[2734]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:50 Network-Security-Event-Validation-System root[2738]: CMDLOG: (10.45.118.19) - cd bin
Sep 11 11:05:50 Network-Security-Event-Validation-System root[2739]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:05:51 Network-Security-Event-Validation-System root[2740]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:05:51 Network-Security-Event-Validation-System root[2742]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:06:04 Network-Security-Event-Validation-System root[2754]: CMDLOG: (10.45.118.19) - freshclam
Sep 11 11:06:04 Network-Security-Event-Validation-System root[2756]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:06:08 Network-Security-Event-Validation-System root[2760]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:06:08 Network-Security-Event-Validation-System root[2762]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:06:24 Network-Security-Event-Validation-System root[2775]: CMDLOG: (10.45.118.19) - ./clamdscan
Sep 11 11:06:24 Network-Security-Event-Validation-System root[2777]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:07:21 Network-Security-Event-Validation-System root[2825]: CMDLOG: (10.45.118.19) - sudo yum install clamav
Sep 11 11:07:45 Network-Security-Event-Validation-System root[2866]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:08:14 Network-Security-Event-Validation-System root[2891]: CMDLOG: (10.45.118.19) - find /usr/lib* -name "libclamav.so.9"
Sep 11 11:08:14 Network-Security-Event-Validation-System root[2893]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:08:14 Network-Security-Event-Validation-System root[2894]: CMDLOG: (10.45.118.19) - find /usr/lib* -name "libfreshclam.so.2"
Sep 11 11:08:14 Network-Security-Event-Validation-System root[2896]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:08:16 Network-Security-Event-Validation-System root[2899]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:08:25 Network-Security-Event-Validation-System root[2907]: CMDLOG: (10.45.118.19) - find /usr/lib* -name "libclamav.so.9"
Sep 11 11:08:25 Network-Security-Event-Validation-System root[2909]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:08:38 Network-Security-Event-Validation-System root[2921]: CMDLOG: (10.45.118.19) - find / -name libclamav.so.9
Sep 11 11:08:44 Network-Security-Event-Validation-System root[2929]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:09 Network-Security-Event-Validation-System root[2949]: CMDLOG: (10.45.118.19) - find / -name libfreshclam.so.2
Sep 11 11:09:10 Network-Security-Event-Validation-System root[2952]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:29 Network-Security-Event-Validation-System root[2969]: CMDLOG: (10.45.118.19) - sudo cp /home/ClamAV/lib64/libclamav.so.9 /usr/lib64/
Sep 11 11:09:29 Network-Security-Event-Validation-System root[2972]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:29 Network-Security-Event-Validation-System root[2973]: CMDLOG: (10.45.118.19) - sudo cp /home/ClamAV/lib64/libfreshclam.so.2 /usr/lib64/
Sep 11 11:09:29 Network-Security-Event-Validation-System root[2976]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:31 Network-Security-Event-Validation-System root[2978]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:32 Network-Security-Event-Validation-System root[2980]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:09:32 Network-Security-Event-Validation-System root[2982]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:40 Network-Security-Event-Validation-System root[2989]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:09:40 Network-Security-Event-Validation-System root[2991]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:44 Network-Security-Event-Validation-System root[2995]: CMDLOG: (10.45.118.19) - ldconfig
Sep 11 11:09:44 Network-Security-Event-Validation-System root[2998]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:09:57 Network-Security-Event-Validation-System root[3009]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:09:57 Network-Security-Event-Validation-System root[3011]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:10:01 Network-Security-Event-Validation-System systemd: Started Session 5661 of user root.
Sep 11 11:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:10:14 Network-Security-Event-Validation-System root[3033]: CMDLOG: (10.45.118.19) - find / -name libclammspack.so.0
Sep 11 11:10:15 Network-Security-Event-Validation-System root[3036]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:33 Network-Security-Event-Validation-System root[3053]: CMDLOG: (10.45.118.19) - cp -i /home/ClamAV/lib64/libclammspack.so.0 /usr/lib4
Sep 11 11:10:33 Network-Security-Event-Validation-System root[3055]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:33 Network-Security-Event-Validation-System root[3056]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:10:33 Network-Security-Event-Validation-System root[3058]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:40 Network-Security-Event-Validation-System root[3065]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:10:40 Network-Security-Event-Validation-System root[3067]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:44 Network-Security-Event-Validation-System root[3071]: CMDLOG: (10.45.118.19) - ldconfig
Sep 11 11:10:44 Network-Security-Event-Validation-System root[3073]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:10:48 Network-Security-Event-Validation-System root[3078]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:10:48 Network-Security-Event-Validation-System root[3080]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:18 Network-Security-Event-Validation-System root[3105]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:19 Network-Security-Event-Validation-System root[3106]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:19 Network-Security-Event-Validation-System root[3108]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:19 Network-Security-Event-Validation-System root[3109]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:21 Network-Security-Event-Validation-System root[3112]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto /usr/lib4
Sep 11 11:11:21 Network-Security-Event-Validation-System root[3114]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:31 Network-Security-Event-Validation-System root[3123]: CMDLOG: (10.45.118.19) - cd /usr/lib4
Sep 11 11:11:31 Network-Security-Event-Validation-System root[3124]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:48 Network-Security-Event-Validation-System root[3139]: CMDLOG: (10.45.118.19) - rm -i /usr/lib4
Sep 11 11:11:50 Network-Security-Event-Validation-System root[3142]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:11:50 Network-Security-Event-Validation-System root[3144]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:12:06 Network-Security-Event-Validation-System root[3158]: CMDLOG: (10.45.118.19) - cp -i /home/ClamAV/lib64/libclammspack.so.0 /usr/lib64
Sep 11 11:12:06 Network-Security-Event-Validation-System root[3160]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:12:07 Network-Security-Event-Validation-System root[3161]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:12:10 Network-Security-Event-Validation-System root[3164]: CMDLOG: (10.45.118.19) - ./freshclam
Sep 11 11:12:38 Network-Security-Event-Validation-System root[3194]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:12:51 Network-Security-Event-Validation-System root[3205]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:12:51 Network-Security-Event-Validation-System root[3207]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:13:05 Network-Security-Event-Validation-System root[3219]: CMDLOG: (10.45.118.19) - ./clamdscan
Sep 11 11:13:05 Network-Security-Event-Validation-System root[3222]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:13:15 Network-Security-Event-Validation-System root[3231]: CMDLOG: (10.45.118.19) - ./clamscan
Sep 11 11:13:48 Network-Security-Event-Validation-System root[3259]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:06 Network-Security-Event-Validation-System root[3323]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:15:06 Network-Security-Event-Validation-System root[3325]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:07 Network-Security-Event-Validation-System root[3328]: CMDLOG: (10.45.118.19) - cd ..
Sep 11 11:15:07 Network-Security-Event-Validation-System root[3329]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:08 Network-Security-Event-Validation-System root[3330]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:15:08 Network-Security-Event-Validation-System root[3332]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:12 Network-Security-Event-Validation-System root[3336]: CMDLOG: (10.45.118.19) - nohup clamdscan -r / > scan.log 2>&1
Sep 11 11:15:12 Network-Security-Event-Validation-System root[3338]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:13 Network-Security-Event-Validation-System root[3340]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:15:13 Network-Security-Event-Validation-System root[3342]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:30 Network-Security-Event-Validation-System root[3357]: CMDLOG: (10.45.118.19) - touch scan.sh
Sep 11 11:15:30 Network-Security-Event-Validation-System root[3359]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:36 Network-Security-Event-Validation-System root[3364]: CMDLOG: (10.45.118.19) - vim scan.sh
Sep 11 11:15:40 Network-Security-Event-Validation-System root[3369]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:40 Network-Security-Event-Validation-System root[3371]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:15:40 Network-Security-Event-Validation-System root[3373]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:56 Network-Security-Event-Validation-System root[3386]: CMDLOG: (10.45.118.19) - chmod +x scan.sh
Sep 11 11:15:56 Network-Security-Event-Validation-System root[3388]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:56 Network-Security-Event-Validation-System root[3390]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:15:56 Network-Security-Event-Validation-System root[3392]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:15:57 Network-Security-Event-Validation-System root[3393]: CMDLOG: (10.45.118.19) - ls --color=auto -l --color=auto
Sep 11 11:15:57 Network-Security-Event-Validation-System root[3395]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:16:13 Network-Security-Event-Validation-System root[3409]: CMDLOG: (10.45.118.19) - cp -i scan.sh update.sh
Sep 11 11:16:13 Network-Security-Event-Validation-System root[3411]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:16:17 Network-Security-Event-Validation-System root[3415]: CMDLOG: (10.45.118.19) - vim update.sh
Sep 11 11:16:51 Network-Security-Event-Validation-System root[3444]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:16:52 Network-Security-Event-Validation-System root[3446]: CMDLOG: (10.45.118.19) - his
Sep 11 11:16:52 Network-Security-Event-Validation-System root[3448]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:16:55 Network-Security-Event-Validation-System root[3451]: CMDLOG: (10.45.118.19) - history
Sep 11 11:16:57 Network-Security-Event-Validation-System root[3454]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:17:05 Network-Security-Event-Validation-System root[3462]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:17:05 Network-Security-Event-Validation-System root[3464]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:17:10 Network-Security-Event-Validation-System root[3469]: CMDLOG: (10.45.118.19) - vim update.sh
Sep 11 11:17:39 Network-Security-Event-Validation-System root[3494]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:17:40 Network-Security-Event-Validation-System root[3496]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:17:40 Network-Security-Event-Validation-System root[3498]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:17:43 Network-Security-Event-Validation-System root[3501]: CMDLOG: (10.45.118.19) - sh update.sh
Sep 11 11:17:43 Network-Security-Event-Validation-System root[3504]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:17:56 Network-Security-Event-Validation-System root[3516]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:18:01 Network-Security-Event-Validation-System root[3521]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:01 Network-Security-Event-Validation-System root[3523]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:01 Network-Security-Event-Validation-System root[3524]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:11 Network-Security-Event-Validation-System root[3533]: CMDLOG: (10.45.118.19) - ps -aux
Sep 11 11:18:11 Network-Security-Event-Validation-System root[3535]: CMDLOG: (10.45.118.19) - grep --color=auto clamAV
Sep 11 11:18:11 Network-Security-Event-Validation-System root[3537]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:25 Network-Security-Event-Validation-System root[3549]: CMDLOG: (10.45.118.19) - ps -aux
Sep 11 11:18:25 Network-Security-Event-Validation-System root[3551]: CMDLOG: (10.45.118.19) - grep --color=auto scan
Sep 11 11:18:25 Network-Security-Event-Validation-System root[3553]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:34 Network-Security-Event-Validation-System root[3561]: CMDLOG: (10.45.118.19) - cd bin
Sep 11 11:18:34 Network-Security-Event-Validation-System root[3562]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:35 Network-Security-Event-Validation-System root[3564]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:18:35 Network-Security-Event-Validation-System root[3566]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:48 Network-Security-Event-Validation-System root[3577]: CMDLOG: (10.45.118.19) - ps -aux
Sep 11 11:18:48 Network-Security-Event-Validation-System root[3579]: CMDLOG: (10.45.118.19) - grep --color=auto clamscan
Sep 11 11:18:48 Network-Security-Event-Validation-System root[3581]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:54 Network-Security-Event-Validation-System root[3587]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:54 Network-Security-Event-Validation-System root[3588]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:55 Network-Security-Event-Validation-System root[3590]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:18:55 Network-Security-Event-Validation-System root[3592]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:56 Network-Security-Event-Validation-System root[3594]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:18:58 Network-Security-Event-Validation-System root[3596]: CMDLOG: (10.45.118.19) - ps -aux
Sep 11 11:18:58 Network-Security-Event-Validation-System root[3598]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:14 Network-Security-Event-Validation-System root[3612]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:14 Network-Security-Event-Validation-System root[3613]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:14 Network-Security-Event-Validation-System root[3614]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:17 Network-Security-Event-Validation-System root[3617]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:19:17 Network-Security-Event-Validation-System root[3619]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:22 Network-Security-Event-Validation-System root[3624]: CMDLOG: (10.45.118.19) - service suriata status
Sep 11 11:19:22 Network-Security-Event-Validation-System root[3637]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:29 Network-Security-Event-Validation-System root[3643]: CMDLOG: (10.45.118.19) - service suricata status
Sep 11 11:19:29 Network-Security-Event-Validation-System root[3655]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:30 Network-Security-Event-Validation-System root[3657]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:31 Network-Security-Event-Validation-System root[3658]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:31 Network-Security-Event-Validation-System root[3660]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:19:31 Network-Security-Event-Validation-System root[3662]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:32 Network-Security-Event-Validation-System root[3663]: CMDLOG: (10.45.118.19) - cd ..
Sep 11 11:19:32 Network-Security-Event-Validation-System root[3664]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:33 Network-Security-Event-Validation-System root[3666]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:19:33 Network-Security-Event-Validation-System root[3668]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:38 Network-Security-Event-Validation-System root[3673]: CMDLOG: (10.45.118.19) - ./scan.sh
Sep 11 11:19:38 Network-Security-Event-Validation-System root[3676]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:39 Network-Security-Event-Validation-System root[3678]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:19:39 Network-Security-Event-Validation-System root[3680]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:45 Network-Security-Event-Validation-System root[3686]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:19:54 Network-Security-Event-Validation-System root[3695]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:54 Network-Security-Event-Validation-System root[3697]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:55 Network-Security-Event-Validation-System root[3698]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:19:57 Network-Security-Event-Validation-System root[3700]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:19:57 Network-Security-Event-Validation-System root[3702]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:20:01 Network-Security-Event-Validation-System systemd: Started Session 5662 of user root.
Sep 11 11:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:20:01 Network-Security-Event-Validation-System root[3714]: CMDLOG: (10.45.118.19) - vim scan.sh
Sep 11 11:20:33 Network-Security-Event-Validation-System root[3742]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:20:34 Network-Security-Event-Validation-System root[3743]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:20:34 Network-Security-Event-Validation-System root[3745]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:20:37 Network-Security-Event-Validation-System root[3748]: CMDLOG: (10.45.118.19) - ./scan.sh
Sep 11 11:20:37 Network-Security-Event-Validation-System root[3751]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:20:38 Network-Security-Event-Validation-System root[3754]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:20:38 Network-Security-Event-Validation-System root[3756]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:20:44 Network-Security-Event-Validation-System root[3761]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:20:53 Network-Security-Event-Validation-System root[3771]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:00 Network-Security-Event-Validation-System root[3779]: CMDLOG: (10.45.118.19) - cat scan.sh
Sep 11 11:21:00 Network-Security-Event-Validation-System root[3781]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:07 Network-Security-Event-Validation-System root[3787]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:07 Network-Security-Event-Validation-System root[3788]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:08 Network-Security-Event-Validation-System root[3790]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:21:08 Network-Security-Event-Validation-System root[3792]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:15 Network-Security-Event-Validation-System root[3798]: CMDLOG: (10.45.118.19) - rm -i scan.sh
Sep 11 11:21:17 Network-Security-Event-Validation-System root[3802]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:18 Network-Security-Event-Validation-System root[3804]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:21:18 Network-Security-Event-Validation-System root[3806]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:34 Network-Security-Event-Validation-System root[3820]: CMDLOG: (10.45.118.19) - touch scan.sh
Sep 11 11:21:34 Network-Security-Event-Validation-System root[3822]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:41 Network-Security-Event-Validation-System root[3828]: CMDLOG: (10.45.118.19) - vim scan.sh
Sep 11 11:21:44 Network-Security-Event-Validation-System root[3833]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:45 Network-Security-Event-Validation-System root[3834]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:21:45 Network-Security-Event-Validation-System root[3836]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:21:54 Network-Security-Event-Validation-System root[3845]: CMDLOG: (10.45.118.19) - chmon +x scan.sh
Sep 11 11:21:54 Network-Security-Event-Validation-System root[3847]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:03 Network-Security-Event-Validation-System root[3855]: CMDLOG: (10.45.118.19) - chmod +x scan.sh
Sep 11 11:22:03 Network-Security-Event-Validation-System root[3857]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:03 Network-Security-Event-Validation-System root[3858]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:22:03 Network-Security-Event-Validation-System root[3860]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:04 Network-Security-Event-Validation-System root[3862]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:04 Network-Security-Event-Validation-System root[3863]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:04 Network-Security-Event-Validation-System root[3864]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:09 Network-Security-Event-Validation-System root[3869]: CMDLOG: (10.45.118.19) - rm -i scan.log -f
Sep 11 11:22:09 Network-Security-Event-Validation-System root[3871]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3872]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3874]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3875]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3876]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3878]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:10 Network-Security-Event-Validation-System root[3879]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:16 Network-Security-Event-Validation-System root[3884]: CMDLOG: (10.45.118.19) - ./scan.sh
Sep 11 11:22:16 Network-Security-Event-Validation-System root[3887]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:20 Network-Security-Event-Validation-System root[3891]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:22:20 Network-Security-Event-Validation-System root[3893]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:29 Network-Security-Event-Validation-System root[3903]: CMDLOG: (10.45.118.19) - cd bin
Sep 11 11:22:29 Network-Security-Event-Validation-System root[3904]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:30 Network-Security-Event-Validation-System root[3905]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:22:30 Network-Security-Event-Validation-System root[3907]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:38 Network-Security-Event-Validation-System root[3915]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:22:49 Network-Security-Event-Validation-System root[3926]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:53 Network-Security-Event-Validation-System root[3930]: CMDLOG: (10.45.118.19) - rm -i scan.log
Sep 11 11:22:55 Network-Security-Event-Validation-System root[3934]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:22:56 Network-Security-Event-Validation-System root[3935]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:22:56 Network-Security-Event-Validation-System root[3937]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:00 Network-Security-Event-Validation-System root[3941]: CMDLOG: (10.45.118.19) - cd ..
Sep 11 11:23:00 Network-Security-Event-Validation-System root[3942]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:00 Network-Security-Event-Validation-System root[3944]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:23:00 Network-Security-Event-Validation-System root[3946]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:07 Network-Security-Event-Validation-System root[3952]: CMDLOG: (10.45.118.19) - vim scan.sh
Sep 11 11:23:49 Network-Security-Event-Validation-System root[3987]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:49 Network-Security-Event-Validation-System root[3989]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:23:49 Network-Security-Event-Validation-System root[3991]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:55 Network-Security-Event-Validation-System root[3997]: CMDLOG: (10.45.118.19) - ./scan.sh
Sep 11 11:23:55 Network-Security-Event-Validation-System root[4000]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:23:56 Network-Security-Event-Validation-System root[4002]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:23:56 Network-Security-Event-Validation-System root[4004]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:24:01 Network-Security-Event-Validation-System root[4008]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:24:38 Network-Security-Event-Validation-System root[4041]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:24:41 Network-Security-Event-Validation-System root[4045]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:24:43 Network-Security-Event-Validation-System root[4048]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:27:57 Network-Security-Event-Validation-System kernel: megaraid_sas 0000:01:00.0: Firmware crash dump is not available
Sep 11 11:27:58 Network-Security-Event-Validation-System sshd[4207]: Accepted password for root from 10.45.118.19 port 52117 ssh2
Sep 11 11:27:58 Network-Security-Event-Validation-System root[4241]: CMDLOG: (10.45.118.19) - PATH=$PATH:$HOME/bin
Sep 11 11:27:58 Network-Security-Event-Validation-System root[4242]: CMDLOG: (10.45.118.19) - export PATH
Sep 11 11:27:58 Network-Security-Event-Validation-System root[4243]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:27:59 Network-Security-Event-Validation-System root[4245]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:27:59 Network-Security-Event-Validation-System root[4246]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:28:00 Network-Security-Event-Validation-System root[4247]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:28:00 Network-Security-Event-Validation-System root[4249]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:28:03 Network-Security-Event-Validation-System kernel: WARNING! power/level is deprecated; use power/control instead
Sep 11 11:28:08 Network-Security-Event-Validation-System root[4257]: CMDLOG: (10.45.118.19) - cd /home/ClamAV
Sep 11 11:28:08 Network-Security-Event-Validation-System root[4258]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:28:09 Network-Security-Event-Validation-System root[4259]: CMDLOG: (10.45.118.19) - ls --color=auto
Sep 11 11:28:09 Network-Security-Event-Validation-System root[4261]: CMDLOG: (10.45.118.19) - history -a
Sep 11 11:28:14 Network-Security-Event-Validation-System root[4267]: CMDLOG: (10.45.118.19) - tailf scan.log
Sep 11 11:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:30:01 Network-Security-Event-Validation-System systemd: Started Session 5663 of user root.
Sep 11 11:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:40:01 Network-Security-Event-Validation-System systemd: Started Session 5664 of user root.
Sep 11 11:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 11:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 11:50:01 Network-Security-Event-Validation-System systemd: Started Session 5665 of user root.
Sep 11 11:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5666 of user root.
Sep 11 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5667 of user root.
Sep 11 12:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:01:01 Network-Security-Event-Validation-System systemd: Started Session 5668 of user root.
Sep 11 12:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:10:01 Network-Security-Event-Validation-System systemd: Started Session 5669 of user root.
Sep 11 12:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:20:01 Network-Security-Event-Validation-System systemd: Started Session 5670 of user root.
Sep 11 12:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:30:01 Network-Security-Event-Validation-System systemd: Started Session 5671 of user root.
Sep 11 12:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:40:01 Network-Security-Event-Validation-System systemd: Started Session 5672 of user root.
Sep 11 12:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 12:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 12:50:01 Network-Security-Event-Validation-System systemd: Started Session 5673 of user root.
Sep 11 12:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5674 of user root.
Sep 11 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5675 of user root.
Sep 11 13:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:01:01 Network-Security-Event-Validation-System systemd: Started Session 5676 of user root.
Sep 11 13:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:10:01 Network-Security-Event-Validation-System systemd: Started Session 5677 of user root.
Sep 11 13:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:20:01 Network-Security-Event-Validation-System systemd: Started Session 5678 of user root.
Sep 11 13:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:21:44 Network-Security-Event-Validation-System sshd[9893]: Accepted password for root from 10.45.118.107 port 49751 ssh2
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9928]: CMDLOG: (10.45.118.107) - PATH=$PATH:$HOME/bin
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9929]: CMDLOG: (10.45.118.107) - export PATH
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9931]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9932]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9933]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:21:45 Network-Security-Event-Validation-System root[9934]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:21:52 Network-Security-Event-Validation-System root[9940]: CMDLOG: (10.45.118.107) - service suricata status
Sep 11 13:21:52 Network-Security-Event-Validation-System root[9952]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:22:45 Network-Security-Event-Validation-System root[9997]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:22:46 Network-Security-Event-Validation-System root[9998]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:22:59 Network-Security-Event-Validation-System root[10010]: CMDLOG: (10.45.118.107) - cat /home/ClamAV/scan.log
Sep 11 13:23:20 Network-Security-Event-Validation-System root[10063]: CMDLOG: (10.45.118.107) - PATH=$PATH:$HOME/bin
Sep 11 13:23:20 Network-Security-Event-Validation-System root[10064]: CMDLOG: (10.45.118.107) - export PATH
Sep 11 13:23:20 Network-Security-Event-Validation-System root[10065]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:27 Network-Security-Event-Validation-System root[10072]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:27 Network-Security-Event-Validation-System root[10073]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:27 Network-Security-Event-Validation-System root[10074]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:27 Network-Security-Event-Validation-System root[10075]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:36 Network-Security-Event-Validation-System root[10083]: CMDLOG: (10.45.118.107) - hishistory
Sep 11 13:23:36 Network-Security-Event-Validation-System root[10085]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:23:42 Network-Security-Event-Validation-System root[10091]: CMDLOG: (10.45.118.107) - history
Sep 11 13:24:03 Network-Security-Event-Validation-System root[10109]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:07 Network-Security-Event-Validation-System root[10113]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:10 Network-Security-Event-Validation-System root[10117]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:11 Network-Security-Event-Validation-System root[10119]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10120]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10121]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10122]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10123]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10124]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:12 Network-Security-Event-Validation-System root[10125]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:24:28 Network-Security-Event-Validation-System root[10139]: CMDLOG: (10.45.118.107) - tail -100 /home/ClamAV/scan.log
Sep 11 13:24:28 Network-Security-Event-Validation-System root[10141]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:25:05 Network-Security-Event-Validation-System root[10172]: CMDLOG: (10.45.118.107) - cat /home/ClamAV/scan.log
Sep 11 13:25:05 Network-Security-Event-Validation-System root[10174]: CMDLOG: (10.45.118.107) - grep --color=auto Infected
Sep 11 13:25:05 Network-Security-Event-Validation-System root[10176]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:25:47 Network-Security-Event-Validation-System root[10210]: CMDLOG: (10.45.118.107) - cat /home/ClamAV/scan.log
Sep 11 13:25:47 Network-Security-Event-Validation-System root[10212]: CMDLOG: (10.45.118.107) - grep --color=auto FOUND
Sep 11 13:25:47 Network-Security-Event-Validation-System root[10214]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:26:20 Network-Security-Event-Validation-System root[10242]: CMDLOG: (10.45.118.107) - rm -i /home/ClamAV/virus/挖矿-2.cap -f
Sep 11 13:26:20 Network-Security-Event-Validation-System root[10244]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:26:31 Network-Security-Event-Validation-System root[10253]: CMDLOG: (10.45.118.107) - rm -i /home/ClamAV/virus/172.18.133.238.cap -f
Sep 11 13:26:31 Network-Security-Event-Validation-System root[10255]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:01 Network-Security-Event-Validation-System root[10280]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:01 Network-Security-Event-Validation-System root[10281]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:01 Network-Security-Event-Validation-System root[10282]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:11 Network-Security-Event-Validation-System root[10291]: CMDLOG: (10.45.118.107) - cd /home/pcap-log
Sep 11 13:27:11 Network-Security-Event-Validation-System root[10292]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:11 Network-Security-Event-Validation-System root[10294]: CMDLOG: (10.45.118.107) - ls --color=auto
Sep 11 13:27:11 Network-Security-Event-Validation-System root[10296]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:27:14 Network-Security-Event-Validation-System root[10299]: CMDLOG: (10.45.118.107) - tree -h
Sep 11 13:27:14 Network-Security-Event-Validation-System root[10301]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:28:23 Network-Security-Event-Validation-System root[10357]: CMDLOG: (10.45.118.107) - du -sh *
Sep 11 13:28:23 Network-Security-Event-Validation-System root[10359]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:28:43 Network-Security-Event-Validation-System root[10376]: CMDLOG: (10.45.118.107) - du -sh */
Sep 11 13:28:43 Network-Security-Event-Validation-System root[10378]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:28:50 Network-Security-Event-Validation-System root[10385]: CMDLOG: (10.45.118.107) - du -sh /*
Sep 11 13:28:52 Network-Security-Event-Validation-System root[10389]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:28:58 Network-Security-Event-Validation-System root[10395]: CMDLOG: (10.45.118.107) - tree -h
Sep 11 13:28:58 Network-Security-Event-Validation-System root[10397]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:30:01 Network-Security-Event-Validation-System systemd: Started Session 5679 of user root.
Sep 11 13:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:36:28 Network-Security-Event-Validation-System root[10769]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:28 Network-Security-Event-Validation-System root[10770]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:28 Network-Security-Event-Validation-System root[10771]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:28 Network-Security-Event-Validation-System root[10772]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:36 Network-Security-Event-Validation-System root[10779]: CMDLOG: (10.45.118.107) - cd ~
Sep 11 13:36:36 Network-Security-Event-Validation-System root[10780]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:36 Network-Security-Event-Validation-System root[10781]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:36 Network-Security-Event-Validation-System root[10782]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:36:36 Network-Security-Event-Validation-System root[10783]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:37:05 Network-Security-Event-Validation-System root[10808]: CMDLOG: (10.45.118.107) - network_security_system
Sep 11 13:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:40:01 Network-Security-Event-Validation-System systemd: Started Session 5680 of user root.
Sep 11 13:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 13:50:01 Network-Security-Event-Validation-System systemd: Started Session 5681 of user root.
Sep 11 13:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 13:53:25 Network-Security-Event-Validation-System root[11617]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:25 Network-Security-Event-Validation-System root[11618]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:25 Network-Security-Event-Validation-System root[11620]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:25 Network-Security-Event-Validation-System root[11621]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:25 Network-Security-Event-Validation-System root[11622]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:26 Network-Security-Event-Validation-System root[11623]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:30 Network-Security-Event-Validation-System root[11628]: CMDLOG: (10.45.118.107) - cat /etc/crontab
Sep 11 13:53:30 Network-Security-Event-Validation-System root[11630]: CMDLOG: (10.45.118.107) - history -a
Sep 11 13:53:40 Network-Security-Event-Validation-System root[11638]: CMDLOG: (10.45.118.107) - python3 /root/alert_early_warning_system-v3.py
Sep 11 13:53:41 Network-Security-Event-Validation-System root[11641]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5683 of user root.
Sep 11 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5682 of user root.
Sep 11 14:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:01:01 Network-Security-Event-Validation-System systemd: Started Session 5684 of user root.
Sep 11 14:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:06:56 Network-Security-Event-Validation-System root[12321]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:06:56 Network-Security-Event-Validation-System root[12322]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:06:56 Network-Security-Event-Validation-System root[12323]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:06:57 Network-Security-Event-Validation-System root[12326]: CMDLOG: (10.45.118.107) - htop
Sep 11 14:07:24 Network-Security-Event-Validation-System root[12350]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:07:28 Network-Security-Event-Validation-System root[12354]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:07:28 Network-Security-Event-Validation-System root[12355]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:07:28 Network-Security-Event-Validation-System root[12356]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:07:28 Network-Security-Event-Validation-System root[12357]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:07:42 Network-Security-Event-Validation-System root[12369]: CMDLOG: (10.45.118.107) - vim /home/Suricata/suricata/suricata.yaml
Sep 11 14:08:22 Network-Security-Event-Validation-System root[12403]: CMDLOG: (10.45.118.107) - history -a
Sep 11 14:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:10:01 Network-Security-Event-Validation-System systemd: Started Session 5685 of user root.
Sep 11 14:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:20:01 Network-Security-Event-Validation-System systemd: Started Session 5686 of user root.
Sep 11 14:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:30:01 Network-Security-Event-Validation-System systemd: Started Session 5687 of user root.
Sep 11 14:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:40:01 Network-Security-Event-Validation-System systemd: Started Session 5688 of user root.
Sep 11 14:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 14:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 14:50:01 Network-Security-Event-Validation-System systemd: Started Session 5689 of user root.
Sep 11 14:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5690 of user root.
Sep 11 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5691 of user root.
Sep 11 15:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:01:01 Network-Security-Event-Validation-System systemd: Started Session 5692 of user root.
Sep 11 15:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:10:01 Network-Security-Event-Validation-System systemd: Started Session 5693 of user root.
Sep 11 15:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:20:01 Network-Security-Event-Validation-System systemd: Started Session 5694 of user root.
Sep 11 15:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:30:01 Network-Security-Event-Validation-System systemd: Started Session 5695 of user root.
Sep 11 15:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:40:01 Network-Security-Event-Validation-System systemd: Started Session 5696 of user root.
Sep 11 15:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 15:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 15:50:01 Network-Security-Event-Validation-System systemd: Started Session 5697 of user root.
Sep 11 15:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5698 of user root.
Sep 11 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5699 of user root.
Sep 11 16:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:01:01 Network-Security-Event-Validation-System systemd: Started Session 5700 of user root.
Sep 11 16:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:03:54 Network-Security-Event-Validation-System sshd[18140]: Accepted password for root from 10.45.118.66 port 49788 ssh2
Sep 11 16:03:54 Network-Security-Event-Validation-System root[18174]: CMDLOG: (10.45.118.66) - PATH=$PATH:$HOME/bin
Sep 11 16:03:54 Network-Security-Event-Validation-System root[18175]: CMDLOG: (10.45.118.66) - export PATH
Sep 11 16:03:54 Network-Security-Event-Validation-System root[18176]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:03:55 Network-Security-Event-Validation-System root[18179]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:03:55 Network-Security-Event-Validation-System root[18180]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:03:56 Network-Security-Event-Validation-System root[18181]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:03:57 Network-Security-Event-Validation-System root[18183]: CMDLOG: (10.45.118.66) - df -
Sep 11 16:03:57 Network-Security-Event-Validation-System root[18185]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:00 Network-Security-Event-Validation-System root[18188]: CMDLOG: (10.45.118.66) - df -h
Sep 11 16:04:00 Network-Security-Event-Validation-System root[18190]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:01 Network-Security-Event-Validation-System root[18192]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:01 Network-Security-Event-Validation-System root[18193]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:01 Network-Security-Event-Validation-System root[18194]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:14 Network-Security-Event-Validation-System root[18228]: CMDLOG: (10.45.118.66) - tree /home/pcap-log/
Sep 11 16:04:14 Network-Security-Event-Validation-System root[18230]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:17 Network-Security-Event-Validation-System root[18234]: CMDLOG: (10.45.118.66) - tree /home/pcap-log/ -h
Sep 11 16:04:17 Network-Security-Event-Validation-System root[18236]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:31 Network-Security-Event-Validation-System root[18248]: CMDLOG: (10.45.118.66) - tree /home/pcap-log/
Sep 11 16:04:31 Network-Security-Event-Validation-System root[18250]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:40 Network-Security-Event-Validation-System root[18259]: CMDLOG: (10.45.118.66) - cd /home
Sep 11 16:04:40 Network-Security-Event-Validation-System root[18260]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:47 Network-Security-Event-Validation-System root[18271]: CMDLOG: (10.45.118.66) - cd pcap-log/
Sep 11 16:04:47 Network-Security-Event-Validation-System root[18272]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:49 Network-Security-Event-Validation-System root[18275]: CMDLOG: (10.45.118.66) - du -sh
Sep 11 16:04:49 Network-Security-Event-Validation-System root[18277]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:51 Network-Security-Event-Validation-System root[18279]: CMDLOG: (10.45.118.66) - du -sh
Sep 11 16:04:51 Network-Security-Event-Validation-System root[18281]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:04:54 Network-Security-Event-Validation-System root[18285]: CMDLOG: (10.45.118.66) - du -sh
Sep 11 16:04:54 Network-Security-Event-Validation-System root[18287]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:04 Network-Security-Event-Validation-System root[18295]: CMDLOG: (10.45.118.66) - du -sh
Sep 11 16:05:04 Network-Security-Event-Validation-System root[18297]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:05 Network-Security-Event-Validation-System root[18299]: CMDLOG: (10.45.118.66) - du -sh
Sep 11 16:05:05 Network-Security-Event-Validation-System root[18301]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:06 Network-Security-Event-Validation-System root[18303]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:05:06 Network-Security-Event-Validation-System root[18305]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:13 Network-Security-Event-Validation-System root[18312]: CMDLOG: (10.45.118.66) - du -sh *
Sep 11 16:05:13 Network-Security-Event-Validation-System root[18314]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:31 Network-Security-Event-Validation-System root[18337]: CMDLOG: (10.45.118.66) - cd 2023-09-11
Sep 11 16:05:31 Network-Security-Event-Validation-System root[18338]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:33 Network-Security-Event-Validation-System root[18341]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:05:33 Network-Security-Event-Validation-System root[18343]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:05:34 Network-Security-Event-Validation-System root[18345]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 16:05:35 Network-Security-Event-Validation-System root[18347]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:06:01 Network-Security-Event-Validation-System root[18376]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:06:01 Network-Security-Event-Validation-System root[18378]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:06:35 Network-Security-Event-Validation-System root[18521]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 16:07:11 Network-Security-Event-Validation-System root[18552]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:24 Network-Security-Event-Validation-System root[18565]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 16:07:28 Network-Security-Event-Validation-System root[18571]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:30 Network-Security-Event-Validation-System root[18574]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:30 Network-Security-Event-Validation-System root[18575]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:31 Network-Security-Event-Validation-System root[18576]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:33 Network-Security-Event-Validation-System root[18579]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:07:33 Network-Security-Event-Validation-System root[18581]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:07:59 Network-Security-Event-Validation-System root[18682]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packet.py
Sep 11 16:08:01 Network-Security-Event-Validation-System root[18686]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:08:05 Network-Security-Event-Validation-System root[18722]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:09:26 Network-Security-Event-Validation-System root[18790]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:10:01 Network-Security-Event-Validation-System systemd: Started Session 5701 of user root.
Sep 11 16:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:12:28 Network-Security-Event-Validation-System root[18945]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:12:29 Network-Security-Event-Validation-System root[18947]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:12:30 Network-Security-Event-Validation-System root[18948]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:12:30 Network-Security-Event-Validation-System root[18950]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:12:33 Network-Security-Event-Validation-System root[18954]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 16:12:33 Network-Security-Event-Validation-System root[18956]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:15:14 Network-Security-Event-Validation-System root[19086]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:15:54 Network-Security-Event-Validation-System root[19121]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:00 Network-Security-Event-Validation-System root[19134]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:16:00 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:16:01 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:16:01 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:16:01 Network-Security-Event-Validation-System root[19154]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:02 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:16:02 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:16:02 Network-Security-Event-Validation-System root[19172]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:16:02 Network-Security-Event-Validation-System root[19174]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:19 Network-Security-Event-Validation-System root[19205]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:16:19 Network-Security-Event-Validation-System root[19207]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:21 Network-Security-Event-Validation-System root[19212]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 16:16:21 Network-Security-Event-Validation-System root[19214]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:30 Network-Security-Event-Validation-System root[19254]: CMDLOG: (10.45.118.66) - PATH=$PATH:$HOME/bin
Sep 11 16:16:30 Network-Security-Event-Validation-System root[19255]: CMDLOG: (10.45.118.66) - export PATH
Sep 11 16:16:30 Network-Security-Event-Validation-System root[19256]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:16:35 Network-Security-Event-Validation-System root[19262]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 16:19:56 Network-Security-Event-Validation-System root[19431]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:19:56 Network-Security-Event-Validation-System root[19433]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:20:01 Network-Security-Event-Validation-System systemd: Started Session 5702 of user root.
Sep 11 16:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:20:05 Network-Security-Event-Validation-System root[19452]: CMDLOG: (10.45.118.66) - rm -i all.pcap
Sep 11 16:20:06 Network-Security-Event-Validation-System root[19456]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:20:08 Network-Security-Event-Validation-System root[19458]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:20:08 Network-Security-Event-Validation-System root[19460]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:20:40 Network-Security-Event-Validation-System root[19487]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* new.pcap
Sep 11 16:20:40 Network-Security-Event-Validation-System root[19489]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:20:55 Network-Security-Event-Validation-System root[19502]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* new.pcap
Sep 11 16:20:55 Network-Security-Event-Validation-System root[19504]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:01 Network-Security-Event-Validation-System root[19510]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* ./new.pcap
Sep 11 16:21:01 Network-Security-Event-Validation-System root[19512]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:05 Network-Security-Event-Validation-System root[19516]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* ./
Sep 11 16:21:05 Network-Security-Event-Validation-System root[19518]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:17 Network-Security-Event-Validation-System root[19528]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* p
Sep 11 16:21:17 Network-Security-Event-Validation-System root[19530]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:27 Network-Security-Event-Validation-System root[19539]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* ./1
Sep 11 16:21:27 Network-Security-Event-Validation-System root[19541]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:28 Network-Security-Event-Validation-System root[19543]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:21:28 Network-Security-Event-Validation-System root[19545]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:21:34 Network-Security-Event-Validation-System root[19551]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:21:34 Network-Security-Event-Validation-System root[19553]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:23:41 Network-Security-Event-Validation-System root[19656]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* copied_alert.pcap.1694399344
Sep 11 16:23:41 Network-Security-Event-Validation-System root[19659]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:23:45 Network-Security-Event-Validation-System root[19663]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* copied_alert.pcap.
Sep 11 16:23:45 Network-Security-Event-Validation-System root[19665]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:23:46 Network-Security-Event-Validation-System root[19666]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:23:46 Network-Security-Event-Validation-System root[19668]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:24:09 Network-Security-Event-Validation-System root[19688]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* coped.alert.pcap
Sep 11 16:24:09 Network-Security-Event-Validation-System root[19690]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:24:39 Network-Security-Event-Validation-System root[19715]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* copied_alert.pcap
Sep 11 16:24:39 Network-Security-Event-Validation-System root[19717]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:24:45 Network-Security-Event-Validation-System root[19723]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:24:45 Network-Security-Event-Validation-System root[19725]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:25:00 Network-Security-Event-Validation-System root[19738]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:28:15 Network-Security-Event-Validation-System root[19895]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:28:15 Network-Security-Event-Validation-System root[19897]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:28:15 Network-Security-Event-Validation-System root[19899]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:28:36 Network-Security-Event-Validation-System root[19917]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* copy.alert.pcap
Sep 11 16:28:36 Network-Security-Event-Validation-System root[19919]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:29:26 Network-Security-Event-Validation-System root[19961]: CMDLOG: (10.45.118.66) - cp -i alert.pcap.* .
Sep 11 16:29:26 Network-Security-Event-Validation-System root[19963]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:30:01 Network-Security-Event-Validation-System systemd: Started Session 5703 of user root.
Sep 11 16:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:40:01 Network-Security-Event-Validation-System systemd: Started Session 5704 of user root.
Sep 11 16:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:48:12 Network-Security-Event-Validation-System root[20888]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:48:12 Network-Security-Event-Validation-System root[20890]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:48:16 Network-Security-Event-Validation-System root[20894]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:48:16 Network-Security-Event-Validation-System root[20895]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:48:18 Network-Security-Event-Validation-System root[20898]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:49:26 Network-Security-Event-Validation-System root[20954]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:49:30 Network-Security-Event-Validation-System root[20964]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:49:30 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:49:31 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:49:31 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:49:31 Network-Security-Event-Validation-System root[20985]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:49:31 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:49:31 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:49:36 Network-Security-Event-Validation-System root[21006]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:49:36 Network-Security-Event-Validation-System root[21008]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:49:37 Network-Security-Event-Validation-System root[21010]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:49:37 Network-Security-Event-Validation-System root[21011]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:49:38 Network-Security-Event-Validation-System root[21013]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:49:38 Network-Security-Event-Validation-System root[21015]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 16:50:01 Network-Security-Event-Validation-System systemd: Started Session 5705 of user root.
Sep 11 16:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 16:50:05 Network-Security-Event-Validation-System root[21065]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 16:50:26 Network-Security-Event-Validation-System root[21085]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:50:30 Network-Security-Event-Validation-System root[21090]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 16:50:45 Network-Security-Event-Validation-System root[21104]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:50:54 Network-Security-Event-Validation-System root[21176]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/suricata/settings.py
Sep 11 16:51:15 Network-Security-Event-Validation-System root[21195]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:51:28 Network-Security-Event-Validation-System root[21213]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:51:28 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:51:29 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:51:29 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:51:29 Network-Security-Event-Validation-System root[21233]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:51:29 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:51:29 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:51:50 Network-Security-Event-Validation-System root[21278]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:52:59 Network-Security-Event-Validation-System root[21345]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:53:01 Network-Security-Event-Validation-System root[21347]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:53:01 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:53:02 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:53:02 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:53:02 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:53:02 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:53:02 Network-Security-Event-Validation-System root[21368]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:53:15 Network-Security-Event-Validation-System root[21401]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:53:32 Network-Security-Event-Validation-System root[21417]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:53:33 Network-Security-Event-Validation-System root[21419]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:53:33 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:53:34 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:53:34 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:53:34 Network-Security-Event-Validation-System root[21439]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:53:34 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:53:34 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:54:39 Network-Security-Event-Validation-System root[21530]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:54:39 Network-Security-Event-Validation-System root[21532]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:54:41 Network-Security-Event-Validation-System root[21534]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:54:41 Network-Security-Event-Validation-System root[21536]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:13 Network-Security-Event-Validation-System root[21709]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:58:13 Network-Security-Event-Validation-System root[21711]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:18 Network-Security-Event-Validation-System root[21717]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:58:18 Network-Security-Event-Validation-System root[21719]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:23 Network-Security-Event-Validation-System root[21724]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/suricata/settings.py
Sep 11 16:58:26 Network-Security-Event-Validation-System root[21728]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:30 Network-Security-Event-Validation-System root[21733]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:58:46 Network-Security-Event-Validation-System root[21747]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:48 Network-Security-Event-Validation-System root[21750]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 16:58:48 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 16:58:49 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 16:58:49 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 16:58:49 Network-Security-Event-Validation-System root[21770]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:58:49 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 16:58:49 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 16:59:08 Network-Security-Event-Validation-System root[21819]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 16:59:08 Network-Security-Event-Validation-System root[21821]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:59:09 Network-Security-Event-Validation-System root[21822]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 16:59:09 Network-Security-Event-Validation-System root[21824]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:59:15 Network-Security-Event-Validation-System root[21831]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/suricata/settings.py
Sep 11 16:59:17 Network-Security-Event-Validation-System root[21834]: CMDLOG: (10.45.118.66) - history -a
Sep 11 16:59:21 Network-Security-Event-Validation-System root[21838]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 16:59:45 Network-Security-Event-Validation-System root[21872]: CMDLOG: (10.45.118.66) - tail -100 /WEB/suricata/uwsgi.log
Sep 11 16:59:45 Network-Security-Event-Validation-System root[21874]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5706 of user root.
Sep 11 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5707 of user root.
Sep 11 17:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:01:01 Network-Security-Event-Validation-System systemd: Started Session 5708 of user root.
Sep 11 17:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:01:42 Network-Security-Event-Validation-System root[22008]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:01:54 Network-Security-Event-Validation-System root[22019]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:01:54 Network-Security-Event-Validation-System root[22021]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:02:24 Network-Security-Event-Validation-System root[22047]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:02:26 Network-Security-Event-Validation-System root[22049]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:02:26 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:02:27 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:02:27 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:02:27 Network-Security-Event-Validation-System root[22069]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:02:27 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:02:27 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:02:32 Network-Security-Event-Validation-System root[22091]: CMDLOG: (10.45.118.66) - tail -100 /WEB/suricata/uwsgi.log
Sep 11 17:02:32 Network-Security-Event-Validation-System root[22093]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:02:51 Network-Security-Event-Validation-System root[22126]: CMDLOG: (10.45.118.66) - tail -100 /WEB/suricata/uwsgi.log
Sep 11 17:02:51 Network-Security-Event-Validation-System root[22128]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:03:41 Network-Security-Event-Validation-System root[22169]: CMDLOG: (10.45.118.66) - tail -100 /WEB/suricata/uwsgi.log
Sep 11 17:03:41 Network-Security-Event-Validation-System root[22171]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:04:35 Network-Security-Event-Validation-System root[22221]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:05:03 Network-Security-Event-Validation-System root[22245]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:05:05 Network-Security-Event-Validation-System root[22247]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:05:05 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:05:06 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:05:06 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:05:06 Network-Security-Event-Validation-System root[22268]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:05:06 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:05:06 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:05:20 Network-Security-Event-Validation-System root[22302]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 17:06:19 Network-Security-Event-Validation-System root[22367]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:06:37 Network-Security-Event-Validation-System root[22383]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:06:38 Network-Security-Event-Validation-System root[22385]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:06:38 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:06:39 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:06:39 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:06:39 Network-Security-Event-Validation-System root[22405]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:06:39 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:06:39 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:07:16 Network-Security-Event-Validation-System root[22475]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:07:39 Network-Security-Event-Validation-System root[22495]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:07:39 Network-Security-Event-Validation-System root[22496]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:07:40 Network-Security-Event-Validation-System root[22498]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:07:40 Network-Security-Event-Validation-System root[22499]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:07:40 Network-Security-Event-Validation-System root[22501]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:08:07 Network-Security-Event-Validation-System root[22523]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:08:08 Network-Security-Event-Validation-System root[22525]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:08:08 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:08:09 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:08:09 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:08:09 Network-Security-Event-Validation-System root[22545]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:08:09 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:08:09 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:08:12 Network-Security-Event-Validation-System root[22565]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 17:08:38 Network-Security-Event-Validation-System root[22594]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:08:45 Network-Security-Event-Validation-System root[22601]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:08:59 Network-Security-Event-Validation-System root[22619]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:09:21 Network-Security-Event-Validation-System root[22643]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:09:45 Network-Security-Event-Validation-System root[22664]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:09:47 Network-Security-Event-Validation-System root[22666]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:09:47 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:09:48 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:09:48 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:09:48 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:09:48 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:09:48 Network-Security-Event-Validation-System root[22687]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:10:01 Network-Security-Event-Validation-System systemd: Started Session 5709 of user root.
Sep 11 17:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:10:13 Network-Security-Event-Validation-System root[22743]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 17:10:30 Network-Security-Event-Validation-System root[22764]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:10:37 Network-Security-Event-Validation-System root[22770]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 17:10:49 Network-Security-Event-Validation-System root[22788]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:16:15 Network-Security-Event-Validation-System root[23051]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:16:23 Network-Security-Event-Validation-System root[23060]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:16:32 Network-Security-Event-Validation-System root[23068]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:16:32 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:16:33 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:16:33 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:16:33 Network-Security-Event-Validation-System root[23088]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:16:33 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:16:33 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:16:43 Network-Security-Event-Validation-System root[23128]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:16:44 Network-Security-Event-Validation-System root[23130]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:15 Network-Security-Event-Validation-System root[23163]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:17:15 Network-Security-Event-Validation-System root[23165]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:17 Network-Security-Event-Validation-System root[23167]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:17 Network-Security-Event-Validation-System root[23168]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:20 Network-Security-Event-Validation-System root[23171]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:22 Network-Security-Event-Validation-System root[23174]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:17:22 Network-Security-Event-Validation-System root[23176]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:28 Network-Security-Event-Validation-System root[23184]: CMDLOG: (10.45.118.66) - cd copy_alert_pcap/
Sep 11 17:17:28 Network-Security-Event-Validation-System root[23185]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:29 Network-Security-Event-Validation-System root[23187]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:17:29 Network-Security-Event-Validation-System root[23189]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:31 Network-Security-Event-Validation-System root[23193]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:17:31 Network-Security-Event-Validation-System root[23195]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:35 Network-Security-Event-Validation-System root[23199]: CMDLOG: (10.45.118.66) - cd ..
Sep 11 17:17:35 Network-Security-Event-Validation-System root[23200]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:17:49 Network-Security-Event-Validation-System root[23217]: CMDLOG: (10.45.118.66) - tailf /WEB/suricata/uwsgi.log
Sep 11 17:18:27 Network-Security-Event-Validation-System root[23253]: CMDLOG: (10.45.118.66) - rm -i -rf /home/pcap-log/2023-09-11/copy_alert_pcap
Sep 11 17:18:28 Network-Security-Event-Validation-System root[23255]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:18:29 Network-Security-Event-Validation-System root[23258]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:18:29 Network-Security-Event-Validation-System root[23260]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:20:01 Network-Security-Event-Validation-System systemd: Started Session 5710 of user root.
Sep 11 17:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:21:15 Network-Security-Event-Validation-System root[23403]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:21:29 Network-Security-Event-Validation-System root[23414]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:22:27 Network-Security-Event-Validation-System root[23463]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:22:30 Network-Security-Event-Validation-System root[23466]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:22:30 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:22:31 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:22:31 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:22:31 Network-Security-Event-Validation-System root[23486]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:22:31 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:22:31 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:24:11 Network-Security-Event-Validation-System root[23606]: CMDLOG: (10.45.118.66) - vim /WEB/suricata/app01/views/packets.py
Sep 11 17:24:30 Network-Security-Event-Validation-System root[23622]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:24:31 Network-Security-Event-Validation-System root[23624]: CMDLOG: (10.45.118.66) - service uwsgi restart
Sep 11 17:24:31 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 11 17:24:32 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 11 17:24:32 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 11 17:24:32 Network-Security-Event-Validation-System root[23645]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:24:32 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 11 17:24:32 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 11 17:24:48 Network-Security-Event-Validation-System root[23686]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:24:48 Network-Security-Event-Validation-System root[23688]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:25:05 Network-Security-Event-Validation-System root[23702]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:25:05 Network-Security-Event-Validation-System root[23704]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:25:06 Network-Security-Event-Validation-System root[23707]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 17:25:06 Network-Security-Event-Validation-System root[23709]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:26:04 Network-Security-Event-Validation-System root[23771]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:26:04 Network-Security-Event-Validation-System root[23773]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:26:06 Network-Security-Event-Validation-System root[23776]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:26:06 Network-Security-Event-Validation-System root[23778]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:26:22 Network-Security-Event-Validation-System root[23793]: CMDLOG: (10.45.118.66) - lls
Sep 11 17:26:22 Network-Security-Event-Validation-System root[23795]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:26:23 Network-Security-Event-Validation-System root[23797]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:26:23 Network-Security-Event-Validation-System root[23799]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:27:58 Network-Security-Event-Validation-System root[23880]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:27:58 Network-Security-Event-Validation-System root[23883]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:29:01 Network-Security-Event-Validation-System systemd: Started Session 5711 of user root.
Sep 11 17:29:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:29:39 Network-Security-Event-Validation-System root[23974]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:39 Network-Security-Event-Validation-System root[23976]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:39 Network-Security-Event-Validation-System root[23977]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:41 Network-Security-Event-Validation-System root[23979]: CMDLOG: (10.45.118.66) - ls --color=auto -h
Sep 11 17:29:41 Network-Security-Event-Validation-System root[23981]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:42 Network-Security-Event-Validation-System root[23983]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto
Sep 11 17:29:42 Network-Security-Event-Validation-System root[23985]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:29:45 Network-Security-Event-Validation-System root[23988]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:29:45 Network-Security-Event-Validation-System root[23991]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5712 of user root.
Sep 11 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5713 of user root.
Sep 11 17:30:09 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:36:04 Network-Security-Event-Validation-System sshd[24324]: Accepted password for root from 10.45.118.66 port 51681 ssh2
Sep 11 17:36:04 Network-Security-Event-Validation-System root[24358]: CMDLOG: (10.45.118.66) - PATH=$PATH:$HOME/bin
Sep 11 17:36:04 Network-Security-Event-Validation-System root[24359]: CMDLOG: (10.45.118.66) - export PATH
Sep 11 17:36:04 Network-Security-Event-Validation-System root[24360]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:36:05 Network-Security-Event-Validation-System root[24362]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:36:05 Network-Security-Event-Validation-System root[24363]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:36:06 Network-Security-Event-Validation-System root[24364]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:36:33 Network-Security-Event-Validation-System root[24409]: CMDLOG: (10.45.118.66) - cat /var/log/cron
Sep 11 17:36:33 Network-Security-Event-Validation-System root[24411]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:37:02 Network-Security-Event-Validation-System root[24436]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:37:02 Network-Security-Event-Validation-System root[24437]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:37:02 Network-Security-Event-Validation-System root[24438]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:37:23 Network-Security-Event-Validation-System root[24490]: CMDLOG: (10.45.118.66) - cat /home/Suricata/log/suricata/suricata.log
Sep 11 17:37:27 Network-Security-Event-Validation-System root[24496]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:37:37 Network-Security-Event-Validation-System root[24504]: CMDLOG: (10.45.118.66) - tailf -n 1000 /home/Suricata/log/suricata/suricata.log
Sep 11 17:39:22 Network-Security-Event-Validation-System root[24592]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:22 Network-Security-Event-Validation-System root[24593]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:22 Network-Security-Event-Validation-System root[24594]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:23 Network-Security-Event-Validation-System root[24596]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:39:23 Network-Security-Event-Validation-System root[24598]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:34 Network-Security-Event-Validation-System root[24608]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:39:34 Network-Security-Event-Validation-System root[24610]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:39 Network-Security-Event-Validation-System root[24618]: CMDLOG: (10.45.118.66) - cd /home/Suricata/log/
Sep 11 17:39:39 Network-Security-Event-Validation-System root[24619]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:40 Network-Security-Event-Validation-System root[24621]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:39:40 Network-Security-Event-Validation-System root[24623]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:41 Network-Security-Event-Validation-System root[24626]: CMDLOG: (10.45.118.66) - cd suricata/
Sep 11 17:39:41 Network-Security-Event-Validation-System root[24627]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:42 Network-Security-Event-Validation-System root[24628]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:39:42 Network-Security-Event-Validation-System root[24630]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:52 Network-Security-Event-Validation-System root[24643]: CMDLOG: (10.45.118.66) - rm -i suricata.log -f
Sep 11 17:39:52 Network-Security-Event-Validation-System root[24645]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:52 Network-Security-Event-Validation-System root[24647]: CMDLOG: (10.45.118.66) - ls --color=auto
Sep 11 17:39:52 Network-Security-Event-Validation-System root[24649]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:39:56 Network-Security-Event-Validation-System root[24653]: CMDLOG: (10.45.118.66) - ls --color=auto -l --color=auto -h
Sep 11 17:39:56 Network-Security-Event-Validation-System root[24656]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:40:01 Network-Security-Event-Validation-System systemd: Started Session 5714 of user root.
Sep 11 17:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 17:40:09 Network-Security-Event-Validation-System root[24680]: CMDLOG: (10.45.118.66) - cat /etc/crontab
Sep 11 17:40:09 Network-Security-Event-Validation-System root[24682]: CMDLOG: (10.45.118.66) - history -a
Sep 11 17:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 17:50:01 Network-Security-Event-Validation-System systemd: Started Session 5715 of user root.
Sep 11 17:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5716 of user root.
Sep 11 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5717 of user root.
Sep 11 18:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:01:01 Network-Security-Event-Validation-System systemd: Started Session 5718 of user root.
Sep 11 18:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:06:38 Network-Security-Event-Validation-System sshd[26000]: Accepted password for root from 10.45.118.66 port 52616 ssh2
Sep 11 18:06:38 Network-Security-Event-Validation-System root[26034]: CMDLOG: (10.45.118.66) - PATH=$PATH:$HOME/bin
Sep 11 18:06:38 Network-Security-Event-Validation-System root[26035]: CMDLOG: (10.45.118.66) - export PATH
Sep 11 18:06:38 Network-Security-Event-Validation-System root[26036]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:06:41 Network-Security-Event-Validation-System root[26039]: CMDLOG: (10.45.118.66) - free-h
Sep 11 18:06:41 Network-Security-Event-Validation-System root[26041]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:06:46 Network-Security-Event-Validation-System root[26047]: CMDLOG: (10.45.118.66) - free -h
Sep 11 18:06:46 Network-Security-Event-Validation-System root[26049]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:09:18 Network-Security-Event-Validation-System root[26173]: CMDLOG: (10.45.118.66) - free -h
Sep 11 18:09:18 Network-Security-Event-Validation-System root[26175]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:09:35 Network-Security-Event-Validation-System root[26190]: CMDLOG: (10.45.118.66) - htop
Sep 11 18:09:54 Network-Security-Event-Validation-System root[26209]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:09:57 Network-Security-Event-Validation-System root[26212]: CMDLOG: (10.45.118.66) - free -h
Sep 11 18:09:57 Network-Security-Event-Validation-System root[26214]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:10:01 Network-Security-Event-Validation-System systemd: Started Session 5719 of user root.
Sep 11 18:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:11:02 Network-Security-Event-Validation-System root[26274]: CMDLOG: (10.45.118.66) - yum update
Sep 11 18:11:49 Network-Security-Event-Validation-System root[26363]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:15 Network-Security-Event-Validation-System root[26385]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:18 Network-Security-Event-Validation-System root[26388]: CMDLOG: (10.45.118.66) - sqlite -v
Sep 11 18:12:18 Network-Security-Event-Validation-System root[26390]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:21 Network-Security-Event-Validation-System root[26394]: CMDLOG: (10.45.118.66) - sqlite -version
Sep 11 18:12:21 Network-Security-Event-Validation-System root[26396]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:24 Network-Security-Event-Validation-System root[26399]: CMDLOG: (10.45.118.66) - sqlite
Sep 11 18:12:24 Network-Security-Event-Validation-System root[26401]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:29 Network-Security-Event-Validation-System root[26406]: CMDLOG: (10.45.118.66) - sqlite3
Sep 11 18:12:35 Network-Security-Event-Validation-System root[26413]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:12:39 Network-Security-Event-Validation-System root[26417]: CMDLOG: (10.45.118.66) - sqlite3 --version
Sep 11 18:12:39 Network-Security-Event-Validation-System root[26419]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26511]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26512]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26513]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26514]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26515]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26516]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26517]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:31 Network-Security-Event-Validation-System root[26518]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:32 Network-Security-Event-Validation-System root[26519]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:32 Network-Security-Event-Validation-System root[26520]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:33 Network-Security-Event-Validation-System root[26522]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:33 Network-Security-Event-Validation-System root[26523]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:14:33 Network-Security-Event-Validation-System root[26524]: CMDLOG: (10.45.118.66) - history -a
Sep 11 18:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:20:01 Network-Security-Event-Validation-System systemd: Started Session 5720 of user root.
Sep 11 18:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:30:01 Network-Security-Event-Validation-System systemd: Started Session 5721 of user root.
Sep 11 18:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:40:01 Network-Security-Event-Validation-System systemd: Started Session 5722 of user root.
Sep 11 18:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 18:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 18:50:01 Network-Security-Event-Validation-System systemd: Started Session 5723 of user root.
Sep 11 18:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5724 of user root.
Sep 11 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5725 of user root.
Sep 11 19:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:01:01 Network-Security-Event-Validation-System systemd: Started Session 5726 of user root.
Sep 11 19:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:10:01 Network-Security-Event-Validation-System systemd: Started Session 5727 of user root.
Sep 11 19:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:20:01 Network-Security-Event-Validation-System systemd: Started Session 5728 of user root.
Sep 11 19:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:30:01 Network-Security-Event-Validation-System systemd: Started Session 5729 of user root.
Sep 11 19:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:40:01 Network-Security-Event-Validation-System systemd: Started Session 5730 of user root.
Sep 11 19:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:46:03 Network-Security-Event-Validation-System sshd[31039]: Accepted password for root from 10.45.118.32 port 49846 ssh2
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31073]: CMDLOG: (10.45.118.32) - PATH=$PATH:$HOME/bin
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31074]: CMDLOG: (10.45.118.32) - export PATH
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31075]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31077]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31078]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:03 Network-Security-Event-Validation-System root[31079]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:08 Network-Security-Event-Validation-System root[31089]: CMDLOG: (10.45.118.32) - service suricata status
Sep 11 19:46:08 Network-Security-Event-Validation-System root[31101]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:21 Network-Security-Event-Validation-System root[31113]: CMDLOG: (10.45.118.32) - ps -aux
Sep 11 19:46:21 Network-Security-Event-Validation-System root[31115]: CMDLOG: (10.45.118.32) - grep --color=auto suricata
Sep 11 19:46:21 Network-Security-Event-Validation-System root[31117]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:46:31 Network-Security-Event-Validation-System root[31126]: CMDLOG: (10.45.118.32) - ps -aux
Sep 11 19:46:31 Network-Security-Event-Validation-System root[31128]: CMDLOG: (10.45.118.32) - grep --color=auto suricata -h
Sep 11 19:46:31 Network-Security-Event-Validation-System root[31130]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:47:16 Network-Security-Event-Validation-System root[31167]: CMDLOG: (10.45.118.32) - htop
Sep 11 19:47:45 Network-Security-Event-Validation-System root[31193]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:47:46 Network-Security-Event-Validation-System root[31195]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:47:46 Network-Security-Event-Validation-System root[31197]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:47:48 Network-Security-Event-Validation-System root[31200]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:47:48 Network-Security-Event-Validation-System root[31202]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:02 Network-Security-Event-Validation-System root[31213]: CMDLOG: (10.45.118.32) - ps -aux
Sep 11 19:48:02 Network-Security-Event-Validation-System root[31215]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:06 Network-Security-Event-Validation-System root[31220]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:48:06 Network-Security-Event-Validation-System root[31222]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:11 Network-Security-Event-Validation-System root[31227]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:48:11 Network-Security-Event-Validation-System root[31229]: CMDLOG: (10.45.118.32) - grep --color=auto suricata
Sep 11 19:48:11 Network-Security-Event-Validation-System root[31231]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:28 Network-Security-Event-Validation-System root[31246]: CMDLOG: (10.45.118.32) - ps -eo pid,%cpu,%mem,cmd
Sep 11 19:48:28 Network-Security-Event-Validation-System root[31248]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:34 Network-Security-Event-Validation-System root[31253]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:48:34 Network-Security-Event-Validation-System root[31255]: CMDLOG: (10.45.118.32) - grep --color=auto suricata
Sep 11 19:48:34 Network-Security-Event-Validation-System root[31257]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:48:48 Network-Security-Event-Validation-System root[31270]: CMDLOG: (10.45.118.32) - ps -p 1440
Sep 11 19:48:48 Network-Security-Event-Validation-System root[31272]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:12 Network-Security-Event-Validation-System root[31315]: CMDLOG: (10.45.118.32) - cat /proc/1440/exe
Sep 11 19:49:14 Network-Security-Event-Validation-System root[31320]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:14 Network-Security-Event-Validation-System root[31321]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:16 Network-Security-Event-Validation-System root[31323]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:17 Network-Security-Event-Validation-System root[31325]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:20 Network-Security-Event-Validation-System root[31329]: CMDLOG: (10.45.118.32) - cat -f /proc/1440/exe
Sep 11 19:49:20 Network-Security-Event-Validation-System root[31331]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:40 Network-Security-Event-Validation-System root[31348]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:49:40 Network-Security-Event-Validation-System root[31350]: CMDLOG: (10.45.118.32) - grep --color=auto suricata
Sep 11 19:49:40 Network-Security-Event-Validation-System root[31352]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:49:50 Network-Security-Event-Validation-System root[31361]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:49:50 Network-Security-Event-Validation-System root[31363]: CMDLOG: (10.45.118.32) - grep --color=auto suricata
Sep 11 19:49:50 Network-Security-Event-Validation-System root[31365]: CMDLOG: (10.45.118.32) - more
Sep 11 19:49:50 Network-Security-Event-Validation-System root[31367]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 19:50:01 Network-Security-Event-Validation-System systemd: Started Session 5731 of user root.
Sep 11 19:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 19:50:40 Network-Security-Event-Validation-System root[31416]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:50:40 Network-Security-Event-Validation-System root[31417]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:50:54 Network-Security-Event-Validation-System root[31429]: CMDLOG: (10.45.118.32) - lsof -p 1440
Sep 11 19:50:54 Network-Security-Event-Validation-System root[31432]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:51:52 Network-Security-Event-Validation-System root[31479]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:51:53 Network-Security-Event-Validation-System root[31481]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:51:57 Network-Security-Event-Validation-System root[31485]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:51:57 Network-Security-Event-Validation-System root[31487]: CMDLOG: (10.45.118.32) - more
Sep 11 19:51:57 Network-Security-Event-Validation-System root[31489]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:53:37 Network-Security-Event-Validation-System root[31570]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:53:37 Network-Security-Event-Validation-System root[31572]: CMDLOG: (10.45.118.32) - awk '{printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%.2fMB\t%.2fMB\t%s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10/1024, $11/1024, $12}'
Sep 11 19:53:37 Network-Security-Event-Validation-System root[31575]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:53:41 Network-Security-Event-Validation-System root[31579]: CMDLOG: (10.45.118.32) - ps aux
Sep 11 19:53:41 Network-Security-Event-Validation-System root[31581]: CMDLOG: (10.45.118.32) - awk '{printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%.2fMB\t%.2fMB\t%s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9, $10/1024, $11/1024, $12}'
Sep 11 19:53:41 Network-Security-Event-Validation-System root[31584]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:53:55 Network-Security-Event-Validation-System root[31597]: CMDLOG: (10.45.118.32) - ps -auxh
Sep 11 19:53:55 Network-Security-Event-Validation-System root[31599]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:53:59 Network-Security-Event-Validation-System root[31603]: CMDLOG: (10.45.118.32) - ps -help
Sep 11 19:53:59 Network-Security-Event-Validation-System root[31605]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:54:03 Network-Security-Event-Validation-System root[31609]: CMDLOG: (10.45.118.32) - ps
Sep 11 19:54:03 Network-Security-Event-Validation-System root[31611]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:54:06 Network-Security-Event-Validation-System root[31615]: CMDLOG: (10.45.118.32) - ps -aux
Sep 11 19:54:06 Network-Security-Event-Validation-System root[31617]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:55:43 Network-Security-Event-Validation-System root[31719]: CMDLOG: (10.45.118.32) - readlink /proc/1440/exe
Sep 11 19:55:43 Network-Security-Event-Validation-System root[31721]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:55:48 Network-Security-Event-Validation-System root[31726]: CMDLOG: (10.45.118.32) - readlink /proc/1440/exe -f
Sep 11 19:55:48 Network-Security-Event-Validation-System root[31728]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:55:52 Network-Security-Event-Validation-System root[31732]: CMDLOG: (10.45.118.32) - htop
Sep 11 19:55:56 Network-Security-Event-Validation-System root[31737]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:55:57 Network-Security-Event-Validation-System root[31739]: CMDLOG: (10.45.118.32) - top
Sep 11 19:56:11 Network-Security-Event-Validation-System root[31752]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:56:13 Network-Security-Event-Validation-System root[31755]: CMDLOG: (10.45.118.32) - htop
Sep 11 19:57:09 Network-Security-Event-Validation-System root[31802]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:10 Network-Security-Event-Validation-System root[31803]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:10 Network-Security-Event-Validation-System root[31805]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:10 Network-Security-Event-Validation-System root[31806]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:19 Network-Security-Event-Validation-System root[31814]: CMDLOG: (10.45.118.32) - netstat -tupln
Sep 11 19:57:19 Network-Security-Event-Validation-System root[31816]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:41 Network-Security-Event-Validation-System root[31835]: CMDLOG: (10.45.118.32) - ss
Sep 11 19:57:42 Network-Security-Event-Validation-System root[31845]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:54 Network-Security-Event-Validation-System root[31860]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:54 Network-Security-Event-Validation-System root[31861]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:54 Network-Security-Event-Validation-System root[31862]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:55 Network-Security-Event-Validation-System root[31863]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:55 Network-Security-Event-Validation-System root[31864]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:57:59 Network-Security-Event-Validation-System root[31878]: CMDLOG: (10.45.118.32) - cat /etc/crontab
Sep 11 19:57:59 Network-Security-Event-Validation-System root[31880]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:45 Network-Security-Event-Validation-System root[31918]: CMDLOG: (10.45.118.32) - free -h
Sep 11 19:58:45 Network-Security-Event-Validation-System root[31920]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:49 Network-Security-Event-Validation-System root[31925]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:50 Network-Security-Event-Validation-System root[31926]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:50 Network-Security-Event-Validation-System root[31927]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:50 Network-Security-Event-Validation-System root[31929]: CMDLOG: (10.45.118.32) - ls --color=auto
Sep 11 19:58:50 Network-Security-Event-Validation-System root[31931]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:50 Network-Security-Event-Validation-System root[31932]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31933]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31934]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31935]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31936]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31937]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31938]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:58:51 Network-Security-Event-Validation-System root[31940]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:00 Network-Security-Event-Validation-System root[31947]: CMDLOG: (10.45.118.32) - lsio
Sep 11 19:59:00 Network-Security-Event-Validation-System root[31949]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:05 Network-Security-Event-Validation-System root[31955]: CMDLOG: (10.45.118.32) - iostat
Sep 11 19:59:05 Network-Security-Event-Validation-System root[31957]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:16 Network-Security-Event-Validation-System root[31967]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:17 Network-Security-Event-Validation-System root[31968]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:33 Network-Security-Event-Validation-System root[31982]: CMDLOG: (10.45.118.32) - network_security_system
Sep 11 19:59:56 Network-Security-Event-Validation-System root[32528]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:56 Network-Security-Event-Validation-System root[32530]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:57 Network-Security-Event-Validation-System root[32531]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:57 Network-Security-Event-Validation-System root[32532]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:57 Network-Security-Event-Validation-System root[32533]: CMDLOG: (10.45.118.32) - history -a
Sep 11 19:59:58 Network-Security-Event-Validation-System root[32535]: CMDLOG: (10.45.118.32) - ifocnig
Sep 11 19:59:58 Network-Security-Event-Validation-System root[32537]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5732 of user root.
Sep 11 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5733 of user root.
Sep 11 20:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:01:01 Network-Security-Event-Validation-System systemd: Started Session 5734 of user root.
Sep 11 20:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:01:31 Network-Security-Event-Validation-System sshd[32642]: Accepted password for root from 10.45.118.32 port 50425 ssh2
Sep 11 20:01:31 Network-Security-Event-Validation-System root[32676]: CMDLOG: (10.45.118.32) - PATH=$PATH:$HOME/bin
Sep 11 20:01:31 Network-Security-Event-Validation-System root[32677]: CMDLOG: (10.45.118.32) - export PATH
Sep 11 20:01:31 Network-Security-Event-Validation-System root[32678]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:01:35 Network-Security-Event-Validation-System root[32682]: CMDLOG: (10.45.118.32) - cat cat /var/log/messages
Sep 11 20:01:36 Network-Security-Event-Validation-System root[32686]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:02:32 Network-Security-Event-Validation-System root[32731]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:02:38 Network-Security-Event-Validation-System root[32737]: CMDLOG: (10.45.118.32) - cat /var/log/messages more
Sep 11 20:02:40 Network-Security-Event-Validation-System root[32741]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:02:43 Network-Security-Event-Validation-System root[32745]: CMDLOG: (10.45.118.32) - cat /var/log/messages
Sep 11 20:02:43 Network-Security-Event-Validation-System root[32747]: CMDLOG: (10.45.118.32) - more
Sep 11 20:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:10:01 Network-Security-Event-Validation-System systemd: Started Session 5735 of user root.
Sep 11 20:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:10:38 Network-Security-Event-Validation-System root[735]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:14:15 Network-Security-Event-Validation-System root[964]: CMDLOG: (10.45.118.32) - find core.*
Sep 11 20:14:15 Network-Security-Event-Validation-System root[966]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:14:22 Network-Security-Event-Validation-System root[973]: CMDLOG: (10.45.118.32) - find / -name core.*
Sep 11 20:14:23 Network-Security-Event-Validation-System root[976]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:14:33 Network-Security-Event-Validation-System root[994]: CMDLOG: (10.45.118.32) - ls --color=auto -l --color=auto /core.*
Sep 11 20:14:33 Network-Security-Event-Validation-System root[996]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:14:36 Network-Security-Event-Validation-System root[1001]: CMDLOG: (10.45.118.32) - ls --color=auto -l --color=auto /core.* -h
Sep 11 20:14:36 Network-Security-Event-Validation-System root[1003]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:15:13 Network-Security-Event-Validation-System root[1035]: CMDLOG: (10.45.118.32) - sudo apt-get install gdb
Sep 11 20:15:13 Network-Security-Event-Validation-System root[1037]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:15:13 Network-Security-Event-Validation-System root[1038]: CMDLOG: (10.45.118.32) - sudo yum install gdb
Sep 11 20:15:14 Network-Security-Event-Validation-System root[1045]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:15:25 Network-Security-Event-Validation-System root[1055]: CMDLOG: (10.45.118.32) - ls --color=auto -l --color=auto /core.* -h
Sep 11 20:15:25 Network-Security-Event-Validation-System root[1057]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:15:37 Network-Security-Event-Validation-System root[1086]: CMDLOG: (10.45.118.32) - gdb /core.1545
Sep 11 20:17:09 Network-Security-Event-Validation-System root[1163]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:17:21 Network-Security-Event-Validation-System root[1188]: CMDLOG: (10.45.118.32) - gdb /home/Suricata/bin/suricata /core.1545
Sep 11 20:19:19 Network-Security-Event-Validation-System root[1286]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:19:20 Network-Security-Event-Validation-System root[1288]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:19:20 Network-Security-Event-Validation-System root[1289]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:19:22 Network-Security-Event-Validation-System root[1292]: CMDLOG: (10.45.118.32) - ls --color=auto
Sep 11 20:19:22 Network-Security-Event-Validation-System root[1294]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:19:39 Network-Security-Event-Validation-System root[1311]: CMDLOG: (10.45.118.32) - du -su /core.*
Sep 11 20:19:39 Network-Security-Event-Validation-System root[1313]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:19:42 Network-Security-Event-Validation-System root[1317]: CMDLOG: (10.45.118.32) - du -sh /core.*
Sep 11 20:19:42 Network-Security-Event-Validation-System root[1319]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:20:01 Network-Security-Event-Validation-System root[1335]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:20:01 Network-Security-Event-Validation-System systemd: Started Session 5736 of user root.
Sep 11 20:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:20:01 Network-Security-Event-Validation-System root[1343]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:20:01 Network-Security-Event-Validation-System root[1344]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:20:34 Network-Security-Event-Validation-System root[1514]: CMDLOG: (10.45.118.32) - vim /home/Suricata/suricata/suricata.yaml
Sep 11 20:23:55 Network-Security-Event-Validation-System root[1679]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:30:01 Network-Security-Event-Validation-System systemd: Started Session 5737 of user root.
Sep 11 20:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:32:00 Network-Security-Event-Validation-System root[2091]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:32:02 Network-Security-Event-Validation-System root[2093]: CMDLOG: (10.45.118.32) - vim /home/Suricata/suricata/suricata.yaml
Sep 11 20:32:19 Network-Security-Event-Validation-System root[2108]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:32:22 Network-Security-Event-Validation-System root[2118]: CMDLOG: (10.45.118.32) - service suricata restart
Sep 11 20:32:22 Network-Security-Event-Validation-System suricata: [1440] Notice: suricata: Signal Received.  Stopping engine.
Sep 11 20:32:22 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 11 20:32:24 Network-Security-Event-Validation-System suricata: [1440] Info: suricata: time elapsed 35124.859s
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1499] Perf: flow-manager: 26586776 flows processed
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1449] Perf: af-packet: em2: (W#01-em2) kernel: Packets 307939448, dropped 3214
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1450] Perf: af-packet: em2: (W#02-em2) kernel: Packets 334840812, dropped 1289
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1451] Perf: af-packet: em2: (W#03-em2) kernel: Packets 319678330, dropped 6801
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1453] Perf: af-packet: em2: (W#04-em2) kernel: Packets 313562308, dropped 1238
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1454] Perf: af-packet: em2: (W#05-em2) kernel: Packets 306051624, dropped 3923
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1455] Perf: af-packet: em2: (W#06-em2) kernel: Packets 296228947, dropped 2688
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1456] Perf: af-packet: em4: (W#01-em4) kernel: Packets 415952044, dropped 8512
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1468] Perf: af-packet: em4: (W#02-em4) kernel: Packets 356708360, dropped 5397
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1493] Perf: af-packet: em4: (W#03-em4) kernel: Packets 372409477, dropped 7975
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1494] Perf: af-packet: em4: (W#04-em4) kernel: Packets 404128240, dropped 10916
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1496] Perf: af-packet: em4: (W#05-em4) kernel: Packets 404920411, dropped 8949
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1497] Perf: af-packet: em4: (W#06-em4) kernel: Packets 370708243, dropped 16560
Sep 11 20:32:25 Network-Security-Event-Validation-System suricata: [1440] Info: counters: Alerts: 376
Sep 11 20:32:26 Network-Security-Event-Validation-System suricata: [1440] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 11 20:32:26 Network-Security-Event-Validation-System suricata: [1440] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 11 20:32:27 Network-Security-Event-Validation-System suricata: [1440] Notice: device: em2: packets: 1878301469, drops: 19153 (0.00%), invalid chksum: 0
Sep 11 20:32:27 Network-Security-Event-Validation-System suricata: [1440] Notice: device: em4: packets: 2324826775, drops: 58309 (0.00%), invalid chksum: 0
Sep 11 20:32:28 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 11 20:32:28 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 11 20:32:28 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 11 20:32:28 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 11 20:32:28 Network-Security-Event-Validation-System root[2142]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: cpu: CPUs/cores online: 6
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: suricata: Setting engine mode to IDS mode by default
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: ioctl: em2: MTU 1500
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: ioctl: em4: MTU 1500
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: conf: Running in live mode, activating unix socket
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: log-pcap: Using log dir /home/pcap-log
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: log-pcap: Selected pcap-log compression method: none
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 11 20:32:28 Network-Security-Event-Validation-System suricata: [2141] Info: log-pcap: using Sguil compatible logging
Sep 11 20:32:32 Network-Security-Event-Validation-System suricata: [2141] Info: detect: 5 rule files processed. 33392 rules successfully loaded, 0 rules failed
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Info: detect: 33393 signatures processed. 25 are IP-only rules, 7677 are inspecting packet payload, 25656 inspect application layer, 0 are decoder event only
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 20:32:33 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Unique rule groups: 191
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: Builtin MPM "other IP packet": 5
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 11 20:32:34 Network-Security-Event-Validation-System suricata: [2141] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 11 20:32:37 Network-Security-Event-Validation-System suricata: [2141] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 11 20:32:37 Network-Security-Event-Validation-System suricata: [2141] Info: runmodes: em2: creating 6 threads
Sep 11 20:32:37 Network-Security-Event-Validation-System suricata: [2151] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 11 20:32:37 Network-Security-Event-Validation-System suricata: [2151] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 11 20:32:38 Network-Security-Event-Validation-System suricata: [2141] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 11 20:32:38 Network-Security-Event-Validation-System suricata: [2141] Info: runmodes: em4: creating 6 threads
Sep 11 20:32:39 Network-Security-Event-Validation-System suricata: [2141] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 11 20:32:39 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 11 20:32:39 Network-Security-Event-Validation-System suricata: [2151] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:39 Network-Security-Event-Validation-System suricata: [2151] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2152] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2152] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2153] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2153] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2154] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2154] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2155] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2155] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2156] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2156] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2157] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2157] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2159] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2159] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2160] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2160] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2161] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2161] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2162] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2162] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2163] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2163] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 20:32:40 Network-Security-Event-Validation-System suricata: [2141] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 11 20:35:29 Network-Security-Event-Validation-System root[2305]: CMDLOG: (10.45.118.32) - ls --color=auto
Sep 11 20:35:29 Network-Security-Event-Validation-System root[2307]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:29 Network-Security-Event-Validation-System root[2308]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:32 Network-Security-Event-Validation-System root[2313]: CMDLOG: (10.45.118.32) - cd /home/pcap-log/
Sep 11 20:35:32 Network-Security-Event-Validation-System root[2314]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:32 Network-Security-Event-Validation-System root[2316]: CMDLOG: (10.45.118.32) - ls --color=auto
Sep 11 20:35:32 Network-Security-Event-Validation-System root[2318]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:36 Network-Security-Event-Validation-System root[2325]: CMDLOG: (10.45.118.32) - cd 2023-09-11/
Sep 11 20:35:36 Network-Security-Event-Validation-System root[2326]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:37 Network-Security-Event-Validation-System root[2328]: CMDLOG: (10.45.118.32) - ls --color=auto
Sep 11 20:35:37 Network-Security-Event-Validation-System root[2330]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:35:39 Network-Security-Event-Validation-System root[2332]: CMDLOG: (10.45.118.32) - ls --color=auto -l --color=auto -h
Sep 11 20:35:39 Network-Security-Event-Validation-System root[2334]: CMDLOG: (10.45.118.32) - history -a
Sep 11 20:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:40:01 Network-Security-Event-Validation-System systemd: Started Session 5738 of user root.
Sep 11 20:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 20:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 20:50:01 Network-Security-Event-Validation-System systemd: Started Session 5739 of user root.
Sep 11 20:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5740 of user root.
Sep 11 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5741 of user root.
Sep 11 21:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:01:01 Network-Security-Event-Validation-System systemd: Started Session 5742 of user root.
Sep 11 21:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:10:01 Network-Security-Event-Validation-System systemd: Started Session 5743 of user root.
Sep 11 21:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:20:01 Network-Security-Event-Validation-System systemd: Started Session 5744 of user root.
Sep 11 21:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:30:01 Network-Security-Event-Validation-System systemd: Started Session 5745 of user root.
Sep 11 21:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:30:47 Network-Security-Event-Validation-System systemd: Starting Cleanup of Temporary Directories...
Sep 11 21:30:47 Network-Security-Event-Validation-System systemd: Started Cleanup of Temporary Directories.
Sep 11 21:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:40:01 Network-Security-Event-Validation-System systemd: Started Session 5746 of user root.
Sep 11 21:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 21:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 21:50:01 Network-Security-Event-Validation-System systemd: Started Session 5747 of user root.
Sep 11 21:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5748 of user root.
Sep 11 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5749 of user root.
Sep 11 22:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:01:01 Network-Security-Event-Validation-System systemd: Started Session 5750 of user root.
Sep 11 22:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:10:01 Network-Security-Event-Validation-System systemd: Started Session 5751 of user root.
Sep 11 22:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:20:01 Network-Security-Event-Validation-System systemd: Started Session 5752 of user root.
Sep 11 22:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:30:01 Network-Security-Event-Validation-System systemd: Started Session 5753 of user root.
Sep 11 22:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:40:01 Network-Security-Event-Validation-System systemd: Started Session 5754 of user root.
Sep 11 22:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 22:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 22:50:01 Network-Security-Event-Validation-System systemd: Started Session 5755 of user root.
Sep 11 22:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5756 of user root.
Sep 11 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5757 of user root.
Sep 11 23:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:01:01 Network-Security-Event-Validation-System systemd: Started Session 5758 of user root.
Sep 11 23:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:10:01 Network-Security-Event-Validation-System systemd: Started Session 5759 of user root.
Sep 11 23:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:20:01 Network-Security-Event-Validation-System systemd: Started Session 5760 of user root.
Sep 11 23:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:30:01 Network-Security-Event-Validation-System systemd: Started Session 5761 of user root.
Sep 11 23:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:40:01 Network-Security-Event-Validation-System systemd: Started Session 5762 of user root.
Sep 11 23:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:50:01 Network-Security-Event-Validation-System systemd: Started Session 5763 of user root.
Sep 11 23:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:53:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:53:01 Network-Security-Event-Validation-System systemd: Started Session 5764 of user root.
Sep 11 23:53:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:59:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 11 23:59:01 Network-Security-Event-Validation-System systemd: Started Session 5765 of user root.
Sep 11 23:59:01 Network-Security-Event-Validation-System suricata: [2141] Notice: suricata: Signal Received.  Stopping engine.
Sep 11 23:59:01 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 11 23:59:02 Network-Security-Event-Validation-System suricata: [2141] Info: suricata: time elapsed 12385.134s
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2165] Perf: flow-manager: 2226065 flows processed
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2151] Perf: af-packet: em2: (W#01-em2) kernel: Packets 17080794, dropped 10
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2152] Perf: af-packet: em2: (W#02-em2) kernel: Packets 22187139, dropped 0
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2153] Perf: af-packet: em2: (W#03-em2) kernel: Packets 18765999, dropped 124
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2154] Perf: af-packet: em2: (W#04-em2) kernel: Packets 15158529, dropped 0
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2155] Perf: af-packet: em2: (W#05-em2) kernel: Packets 19314912, dropped 87
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2156] Perf: af-packet: em2: (W#06-em2) kernel: Packets 12660646, dropped 0
Sep 11 23:59:03 Network-Security-Event-Validation-System suricata: [2157] Perf: af-packet: em4: (W#01-em4) kernel: Packets 96078479, dropped 2742
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2159] Perf: af-packet: em4: (W#02-em4) kernel: Packets 69584672, dropped 1892
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2160] Perf: af-packet: em4: (W#03-em4) kernel: Packets 67480966, dropped 1817
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2161] Perf: af-packet: em4: (W#04-em4) kernel: Packets 102491564, dropped 3187
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2162] Perf: af-packet: em4: (W#05-em4) kernel: Packets 73686127, dropped 1657
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2163] Perf: af-packet: em4: (W#06-em4) kernel: Packets 77328794, dropped 1403
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2141] Info: counters: Alerts: 36
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2141] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 11 23:59:04 Network-Security-Event-Validation-System suricata: [2141] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 11 23:59:05 Network-Security-Event-Validation-System suricata: [2141] Notice: device: em2: packets: 105168019, drops: 221 (0.00%), invalid chksum: 0
Sep 11 23:59:05 Network-Security-Event-Validation-System suricata: [2141] Notice: device: em4: packets: 486650602, drops: 12698 (0.00%), invalid chksum: 0
Sep 11 23:59:06 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 11 23:59:06 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 11 23:59:06 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 11 23:59:06 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: cpu: CPUs/cores online: 6
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: suricata: Setting engine mode to IDS mode by default
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: ioctl: em2: MTU 1500
Sep 11 23:59:06 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: ioctl: em4: MTU 1500
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: conf: Running in live mode, activating unix socket
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: log-pcap: Using log dir /home/pcap-log
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: log-pcap: Selected pcap-log compression method: none
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 11 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Info: log-pcap: using Sguil compatible logging
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Info: detect: 5 rule files processed. 33392 rules successfully loaded, 0 rules failed
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Info: detect: 33393 signatures processed. 25 are IP-only rules, 7677 are inspecting packet payload, 25656 inspect application layer, 0 are decoder event only
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 11 23:59:10 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 23:59:11 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Unique rule groups: 191
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: Builtin MPM "other IP packet": 5
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 11 23:59:12 Network-Security-Event-Validation-System suricata: [12425] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 11 23:59:15 Network-Security-Event-Validation-System suricata: [12425] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 11 23:59:15 Network-Security-Event-Validation-System suricata: [12425] Info: runmodes: em2: creating 6 threads
Sep 11 23:59:15 Network-Security-Event-Validation-System suricata: [12440] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 11 23:59:15 Network-Security-Event-Validation-System suricata: [12440] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 11 23:59:16 Network-Security-Event-Validation-System suricata: [12425] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 11 23:59:16 Network-Security-Event-Validation-System suricata: [12425] Info: runmodes: em4: creating 6 threads
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12425] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12440] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:17 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12440] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12441] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12441] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12442] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12442] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12444] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:17 Network-Security-Event-Validation-System suricata: [12444] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12445] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12445] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12446] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12446] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12448] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12448] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12449] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12449] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12450] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12450] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12451] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12451] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12452] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12452] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12453] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12453] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 11 23:59:18 Network-Security-Event-Validation-System suricata: [12425] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 12 00:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5766 of user root.
Sep 12 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5767 of user root.
Sep 12 00:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:01:01 Network-Security-Event-Validation-System systemd: Started Session 5768 of user root.
Sep 12 00:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:10:01 Network-Security-Event-Validation-System systemd: Started Session 5769 of user root.
Sep 12 00:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:20:01 Network-Security-Event-Validation-System systemd: Started Session 5770 of user root.
Sep 12 00:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:30:01 Network-Security-Event-Validation-System systemd: Started Session 5771 of user root.
Sep 12 00:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:40:01 Network-Security-Event-Validation-System systemd: Started Session 5772 of user root.
Sep 12 00:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 00:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 00:50:01 Network-Security-Event-Validation-System systemd: Started Session 5773 of user root.
Sep 12 00:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5774 of user root.
Sep 12 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5775 of user root.
Sep 12 01:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:01:01 Network-Security-Event-Validation-System systemd: Started Session 5776 of user root.
Sep 12 01:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:10:01 Network-Security-Event-Validation-System systemd: Started Session 5777 of user root.
Sep 12 01:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:20:01 Network-Security-Event-Validation-System systemd: Started Session 5778 of user root.
Sep 12 01:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:30:01 Network-Security-Event-Validation-System systemd: Started Session 5779 of user root.
Sep 12 01:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:40:01 Network-Security-Event-Validation-System systemd: Started Session 5780 of user root.
Sep 12 01:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 01:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 01:50:01 Network-Security-Event-Validation-System systemd: Started Session 5781 of user root.
Sep 12 01:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5782 of user root.
Sep 12 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5783 of user root.
Sep 12 02:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:01:01 Network-Security-Event-Validation-System systemd: Started Session 5784 of user root.
Sep 12 02:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:10:01 Network-Security-Event-Validation-System systemd: Started Session 5785 of user root.
Sep 12 02:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:20:01 Network-Security-Event-Validation-System systemd: Started Session 5786 of user root.
Sep 12 02:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:30:01 Network-Security-Event-Validation-System systemd: Started Session 5787 of user root.
Sep 12 02:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:40:01 Network-Security-Event-Validation-System systemd: Started Session 5788 of user root.
Sep 12 02:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 02:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 02:50:01 Network-Security-Event-Validation-System systemd: Started Session 5789 of user root.
Sep 12 02:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 03:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5790 of user root.
Sep 12 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5791 of user root.
Sep 12 03:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 03:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 03:01:01 Network-Security-Event-Validation-System systemd: Started Session 5792 of user root.
Sep 12 03:10:01 Network-Security-Event-Validation-System systemd: Started Session 5793 of user root.
Sep 12 03:20:01 Network-Security-Event-Validation-System systemd: Started Session 5794 of user root.
Sep 12 03:30:01 Network-Security-Event-Validation-System systemd: Started Session 5795 of user root.
Sep 12 03:40:01 Network-Security-Event-Validation-System systemd: Started Session 5796 of user root.
Sep 12 03:42:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 03:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 03:50:01 Network-Security-Event-Validation-System systemd: Started Session 5797 of user root.
Sep 12 03:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5798 of user root.
Sep 12 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5799 of user root.
Sep 12 04:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:01:01 Network-Security-Event-Validation-System systemd: Started Session 5800 of user root.
Sep 12 04:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:10:01 Network-Security-Event-Validation-System systemd: Started Session 5801 of user root.
Sep 12 04:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:20:01 Network-Security-Event-Validation-System systemd: Started Session 5802 of user root.
Sep 12 04:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:30:01 Network-Security-Event-Validation-System systemd: Started Session 5803 of user root.
Sep 12 04:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:40:01 Network-Security-Event-Validation-System systemd: Started Session 5804 of user root.
Sep 12 04:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 04:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 04:50:01 Network-Security-Event-Validation-System systemd: Started Session 5805 of user root.
Sep 12 04:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5806 of user root.
Sep 12 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 5807 of user root.
Sep 12 05:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:01:01 Network-Security-Event-Validation-System systemd: Started Session 5808 of user root.
Sep 12 05:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:10:01 Network-Security-Event-Validation-System systemd: Started Session 5809 of user root.
Sep 12 05:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:20:01 Network-Security-Event-Validation-System systemd: Started Session 5810 of user root.
Sep 12 05:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:30:01 Network-Security-Event-Validation-System systemd: Started Session 5811 of user root.
Sep 12 05:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:40:01 Network-Security-Event-Validation-System systemd: Started Session 5812 of user root.
Sep 12 05:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 05:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 05:50:01 Network-Security-Event-Validation-System systemd: Started Session 5813 of user root.
Sep 12 05:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5814 of user root.
Sep 12 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 5815 of user root.
Sep 12 06:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:01:01 Network-Security-Event-Validation-System systemd: Started Session 5816 of user root.
Sep 12 06:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:10:01 Network-Security-Event-Validation-System systemd: Started Session 5817 of user root.
Sep 12 06:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:20:01 Network-Security-Event-Validation-System systemd: Started Session 5818 of user root.
Sep 12 06:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:30:01 Network-Security-Event-Validation-System systemd: Started Session 5819 of user root.
Sep 12 06:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:40:01 Network-Security-Event-Validation-System systemd: Started Session 5820 of user root.
Sep 12 06:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 06:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 06:50:01 Network-Security-Event-Validation-System systemd: Started Session 5821 of user root.
Sep 12 06:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5822 of user root.
Sep 12 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 5823 of user root.
Sep 12 07:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:01:01 Network-Security-Event-Validation-System systemd: Started Session 5824 of user root.
Sep 12 07:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:10:01 Network-Security-Event-Validation-System systemd: Started Session 5825 of user root.
Sep 12 07:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:20:01 Network-Security-Event-Validation-System systemd: Started Session 5826 of user root.
Sep 12 07:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:30:01 Network-Security-Event-Validation-System systemd: Started Session 5827 of user root.
Sep 12 07:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:40:01 Network-Security-Event-Validation-System systemd: Started Session 5828 of user root.
Sep 12 07:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 07:50:01 Network-Security-Event-Validation-System systemd: Started Session 5829 of user root.
Sep 12 07:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 07:50:23 Network-Security-Event-Validation-System sshd[3456]: Accepted password for root from 10.45.118.27 port 49743 ssh2
Sep 12 07:50:23 Network-Security-Event-Validation-System root[3490]: CMDLOG: (10.45.118.27) - PATH=$PATH:$HOME/bin
Sep 12 07:50:23 Network-Security-Event-Validation-System root[3491]: CMDLOG: (10.45.118.27) - export PATH
Sep 12 07:50:23 Network-Security-Event-Validation-System root[3492]: CMDLOG: (10.45.118.27) - history -a
Sep 12 07:50:24 Network-Security-Event-Validation-System root[3495]: CMDLOG: (10.45.118.27) - history -a
Sep 12 07:50:24 Network-Security-Event-Validation-System root[3496]: CMDLOG: (10.45.118.27) - history -a
Sep 12 07:50:25 Network-Security-Event-Validation-System root[3497]: CMDLOG: (10.45.118.27) - history -a
Sep 12 07:50:32 Network-Security-Event-Validation-System root[3504]: CMDLOG: (10.45.118.27) - service suricata status
Sep 12 07:50:32 Network-Security-Event-Validation-System root[3516]: CMDLOG: (10.45.118.27) - history -a
Sep 12 08:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5830 of user root.
Sep 12 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 5831 of user root.
Sep 12 08:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:01:01 Network-Security-Event-Validation-System systemd: Started Session 5832 of user root.
Sep 12 08:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:10:01 Network-Security-Event-Validation-System systemd: Started Session 5833 of user root.
Sep 12 08:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:20:01 Network-Security-Event-Validation-System systemd: Started Session 5834 of user root.
Sep 12 08:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:30:01 Network-Security-Event-Validation-System systemd: Started Session 5835 of user root.
Sep 12 08:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:40:01 Network-Security-Event-Validation-System systemd: Started Session 5836 of user root.
Sep 12 08:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 08:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 08:50:01 Network-Security-Event-Validation-System systemd: Started Session 5837 of user root.
Sep 12 08:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5838 of user root.
Sep 12 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5839 of user root.
Sep 12 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 5840 of user root.
Sep 12 09:00:05 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:01:01 Network-Security-Event-Validation-System systemd: Started Session 5841 of user root.
Sep 12 09:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:10:01 Network-Security-Event-Validation-System systemd: Started Session 5842 of user root.
Sep 12 09:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:20:01 Network-Security-Event-Validation-System systemd: Started Session 5843 of user root.
Sep 12 09:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:30:01 Network-Security-Event-Validation-System systemd: Started Session 5844 of user root.
Sep 12 09:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:30:12 Network-Security-Event-Validation-System sshd[8575]: Accepted password for root from 10.45.118.98 port 50176 ssh2
Sep 12 09:30:12 Network-Security-Event-Validation-System root[8610]: CMDLOG: (10.45.118.98) - PATH=$PATH:$HOME/bin
Sep 12 09:30:12 Network-Security-Event-Validation-System root[8611]: CMDLOG: (10.45.118.98) - export PATH
Sep 12 09:30:12 Network-Security-Event-Validation-System root[8612]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:13 Network-Security-Event-Validation-System root[8613]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:13 Network-Security-Event-Validation-System root[8615]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:22 Network-Security-Event-Validation-System root[8622]: CMDLOG: (10.45.118.98) - cd /home/pcap-log
Sep 12 09:30:22 Network-Security-Event-Validation-System root[8623]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:22 Network-Security-Event-Validation-System root[8624]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:30:22 Network-Security-Event-Validation-System root[8626]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:27 Network-Security-Event-Validation-System root[8631]: CMDLOG: (10.45.118.98) - cd 2023-9-12
Sep 12 09:30:27 Network-Security-Event-Validation-System root[8632]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:27 Network-Security-Event-Validation-System root[8634]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:30:27 Network-Security-Event-Validation-System root[8636]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:30:32 Network-Security-Event-Validation-System root[8641]: CMDLOG: (10.45.118.98) - tree -h
Sep 12 09:30:32 Network-Security-Event-Validation-System root[8643]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:31:30 Network-Security-Event-Validation-System root[8697]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:31:30 Network-Security-Event-Validation-System root[8699]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:31:35 Network-Security-Event-Validation-System root[8703]: CMDLOG: (10.45.118.98) - cd 2023-09-12
Sep 12 09:31:35 Network-Security-Event-Validation-System root[8704]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:31:35 Network-Security-Event-Validation-System root[8706]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:31:35 Network-Security-Event-Validation-System root[8708]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:31:37 Network-Security-Event-Validation-System root[8710]: CMDLOG: (10.45.118.98) - ls --color=auto -l --color=auto h
Sep 12 09:31:37 Network-Security-Event-Validation-System root[8712]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:14 Network-Security-Event-Validation-System root[8793]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:33:14 Network-Security-Event-Validation-System root[8795]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:14 Network-Security-Event-Validation-System root[8796]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:44 Network-Security-Event-Validation-System root[8821]: CMDLOG: (10.45.118.98) - vim /WEB/Suricata/suricata/settings.py
Sep 12 09:33:46 Network-Security-Event-Validation-System root[8825]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:47 Network-Security-Event-Validation-System root[8827]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:33:47 Network-Security-Event-Validation-System root[8829]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:58 Network-Security-Event-Validation-System root[8839]: CMDLOG: (10.45.118.98) - cd /WEB/Suricata/suricata
Sep 12 09:33:58 Network-Security-Event-Validation-System root[8840]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:33:59 Network-Security-Event-Validation-System root[8841]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:33:59 Network-Security-Event-Validation-System root[8843]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:04 Network-Security-Event-Validation-System root[8848]: CMDLOG: (10.45.118.98) - cd /WEB/suricata
Sep 12 09:34:04 Network-Security-Event-Validation-System root[8849]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:05 Network-Security-Event-Validation-System root[8851]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:34:05 Network-Security-Event-Validation-System root[8853]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:07 Network-Security-Event-Validation-System root[8855]: CMDLOG: (10.45.118.98) - cd suricata
Sep 12 09:34:07 Network-Security-Event-Validation-System root[8856]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:07 Network-Security-Event-Validation-System root[8858]: CMDLOG: (10.45.118.98) - ls --color=auto
Sep 12 09:34:07 Network-Security-Event-Validation-System root[8860]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:11 Network-Security-Event-Validation-System root[8865]: CMDLOG: (10.45.118.98) - vim settings.py
Sep 12 09:34:14 Network-Security-Event-Validation-System root[8869]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:20 Network-Security-Event-Validation-System root[8875]: CMDLOG: (10.45.118.98) - service uwsgi restart
Sep 12 09:34:20 Network-Security-Event-Validation-System systemd: Stopping uWSGI Server...
Sep 12 09:34:21 Network-Security-Event-Validation-System systemd: Stopped uWSGI Server.
Sep 12 09:34:21 Network-Security-Event-Validation-System systemd: Started uWSGI Server.
Sep 12 09:34:21 Network-Security-Event-Validation-System root[8895]: CMDLOG: (10.45.118.98) - history -a
Sep 12 09:34:21 Network-Security-Event-Validation-System uwsgi: [uWSGI] getting INI configuration from /WEB/suricata/uwsgi.ini
Sep 12 09:34:21 Network-Security-Event-Validation-System uwsgi: [uwsgi-static] added mapping for /static => /WEB/suricata/app01/static
Sep 12 09:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:40:01 Network-Security-Event-Validation-System systemd: Started Session 5845 of user root.
Sep 12 09:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 09:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 09:50:01 Network-Security-Event-Validation-System systemd: Started Session 5846 of user root.
Sep 12 09:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5847 of user root.
Sep 12 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 5848 of user root.
Sep 12 10:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:01:01 Network-Security-Event-Validation-System systemd: Started Session 5849 of user root.
Sep 12 10:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:10:01 Network-Security-Event-Validation-System systemd: Started Session 5850 of user root.
Sep 12 10:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:20:01 Network-Security-Event-Validation-System systemd: Started Session 5851 of user root.
Sep 12 10:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:30:01 Network-Security-Event-Validation-System systemd: Started Session 5852 of user root.
Sep 12 10:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:40:01 Network-Security-Event-Validation-System systemd: Started Session 5853 of user root.
Sep 12 10:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 10:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 10:50:01 Network-Security-Event-Validation-System systemd: Started Session 5854 of user root.
Sep 12 10:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5855 of user root.
Sep 12 11:00:01 Network-Security-Event-Validation-System systemd: Started Session 5856 of user root.
Sep 12 11:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:01:01 Network-Security-Event-Validation-System systemd: Started Session 5857 of user root.
Sep 12 11:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:10:01 Network-Security-Event-Validation-System systemd: Started Session 5858 of user root.
Sep 12 11:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:20:01 Network-Security-Event-Validation-System systemd: Started Session 5859 of user root.
Sep 12 11:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:30:01 Network-Security-Event-Validation-System systemd: Started Session 5860 of user root.
Sep 12 11:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:40:01 Network-Security-Event-Validation-System systemd: Started Session 5861 of user root.
Sep 12 11:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 11:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 11:50:01 Network-Security-Event-Validation-System systemd: Started Session 5862 of user root.
Sep 12 11:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5863 of user root.
Sep 12 12:00:01 Network-Security-Event-Validation-System systemd: Started Session 5864 of user root.
Sep 12 12:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:01:01 Network-Security-Event-Validation-System systemd: Started Session 5865 of user root.
Sep 12 12:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:10:01 Network-Security-Event-Validation-System systemd: Started Session 5866 of user root.
Sep 12 12:10:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:20:01 Network-Security-Event-Validation-System systemd: Started Session 5867 of user root.
Sep 12 12:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:30:01 Network-Security-Event-Validation-System systemd: Started Session 5868 of user root.
Sep 12 12:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:40:01 Network-Security-Event-Validation-System systemd: Started Session 5869 of user root.
Sep 12 12:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 12:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 12:50:01 Network-Security-Event-Validation-System systemd: Started Session 5870 of user root.
Sep 12 12:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5871 of user root.
Sep 12 13:00:01 Network-Security-Event-Validation-System systemd: Started Session 5872 of user root.
Sep 12 13:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:01:01 Network-Security-Event-Validation-System systemd: Started Session 5873 of user root.
Sep 12 13:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:10:01 Network-Security-Event-Validation-System systemd: Started Session 5874 of user root.
Sep 12 13:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:20:01 Network-Security-Event-Validation-System systemd: Started Session 5875 of user root.
Sep 12 13:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:30:01 Network-Security-Event-Validation-System systemd: Started Session 5876 of user root.
Sep 12 13:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:40:01 Network-Security-Event-Validation-System systemd: Started Session 5877 of user root.
Sep 12 13:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 13:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 13:50:01 Network-Security-Event-Validation-System systemd: Started Session 5878 of user root.
Sep 12 13:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5880 of user root.
Sep 12 14:00:01 Network-Security-Event-Validation-System systemd: Started Session 5879 of user root.
Sep 12 14:00:06 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:01:01 Network-Security-Event-Validation-System systemd: Started Session 5881 of user root.
Sep 12 14:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:10:01 Network-Security-Event-Validation-System systemd: Started Session 5882 of user root.
Sep 12 14:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:20:01 Network-Security-Event-Validation-System systemd: Started Session 5883 of user root.
Sep 12 14:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:30:01 Network-Security-Event-Validation-System systemd: Started Session 5884 of user root.
Sep 12 14:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:40:01 Network-Security-Event-Validation-System systemd: Started Session 5885 of user root.
Sep 12 14:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 14:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 14:50:01 Network-Security-Event-Validation-System systemd: Started Session 5886 of user root.
Sep 12 14:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5888 of user root.
Sep 12 15:00:01 Network-Security-Event-Validation-System systemd: Started Session 5887 of user root.
Sep 12 15:00:07 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:01:01 Network-Security-Event-Validation-System systemd: Started Session 5889 of user root.
Sep 12 15:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:10:01 Network-Security-Event-Validation-System systemd: Started Session 5890 of user root.
Sep 12 15:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:20:01 Network-Security-Event-Validation-System systemd: Started Session 5891 of user root.
Sep 12 15:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:30:01 Network-Security-Event-Validation-System systemd: Started Session 5892 of user root.
Sep 12 15:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:40:01 Network-Security-Event-Validation-System systemd: Started Session 5893 of user root.
Sep 12 15:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 15:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 15:50:01 Network-Security-Event-Validation-System systemd: Started Session 5894 of user root.
Sep 12 15:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5895 of user root.
Sep 12 16:00:01 Network-Security-Event-Validation-System systemd: Started Session 5896 of user root.
Sep 12 16:00:07 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:01:01 Network-Security-Event-Validation-System systemd: Started Session 5897 of user root.
Sep 12 16:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:10:01 Network-Security-Event-Validation-System systemd: Started Session 5898 of user root.
Sep 12 16:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:20:01 Network-Security-Event-Validation-System systemd: Started Session 5899 of user root.
Sep 12 16:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:30:01 Network-Security-Event-Validation-System systemd: Started Session 5900 of user root.
Sep 12 16:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:40:01 Network-Security-Event-Validation-System systemd: Started Session 5901 of user root.
Sep 12 16:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 16:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 16:50:01 Network-Security-Event-Validation-System systemd: Started Session 5902 of user root.
Sep 12 16:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5903 of user root.
Sep 12 17:00:01 Network-Security-Event-Validation-System systemd: Started Session 5904 of user root.
Sep 12 17:00:08 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:01:01 Network-Security-Event-Validation-System systemd: Started Session 5905 of user root.
Sep 12 17:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:10:01 Network-Security-Event-Validation-System systemd: Started Session 5906 of user root.
Sep 12 17:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:20:01 Network-Security-Event-Validation-System systemd: Started Session 5907 of user root.
Sep 12 17:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:29:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:29:01 Network-Security-Event-Validation-System systemd: Started Session 5908 of user root.
Sep 12 17:29:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5909 of user root.
Sep 12 17:30:01 Network-Security-Event-Validation-System systemd: Started Session 5910 of user root.
Sep 12 17:30:12 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:40:01 Network-Security-Event-Validation-System systemd: Started Session 5911 of user root.
Sep 12 17:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 17:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 17:50:01 Network-Security-Event-Validation-System systemd: Started Session 5912 of user root.
Sep 12 17:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5913 of user root.
Sep 12 18:00:01 Network-Security-Event-Validation-System systemd: Started Session 5914 of user root.
Sep 12 18:00:07 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:01:01 Network-Security-Event-Validation-System systemd: Started Session 5915 of user root.
Sep 12 18:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:10:01 Network-Security-Event-Validation-System systemd: Started Session 5916 of user root.
Sep 12 18:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:20:01 Network-Security-Event-Validation-System systemd: Started Session 5917 of user root.
Sep 12 18:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:30:01 Network-Security-Event-Validation-System systemd: Started Session 5918 of user root.
Sep 12 18:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:40:01 Network-Security-Event-Validation-System systemd: Started Session 5919 of user root.
Sep 12 18:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 18:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 18:50:01 Network-Security-Event-Validation-System systemd: Started Session 5920 of user root.
Sep 12 18:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5921 of user root.
Sep 12 19:00:01 Network-Security-Event-Validation-System systemd: Started Session 5922 of user root.
Sep 12 19:00:07 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:01:01 Network-Security-Event-Validation-System systemd: Started Session 5923 of user root.
Sep 12 19:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:10:01 Network-Security-Event-Validation-System systemd: Started Session 5924 of user root.
Sep 12 19:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:20:01 Network-Security-Event-Validation-System systemd: Started Session 5925 of user root.
Sep 12 19:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:30:01 Network-Security-Event-Validation-System systemd: Started Session 5926 of user root.
Sep 12 19:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:40:01 Network-Security-Event-Validation-System systemd: Started Session 5927 of user root.
Sep 12 19:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 19:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 19:50:01 Network-Security-Event-Validation-System systemd: Started Session 5928 of user root.
Sep 12 19:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5930 of user root.
Sep 12 20:00:01 Network-Security-Event-Validation-System systemd: Started Session 5929 of user root.
Sep 12 20:00:08 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:01:01 Network-Security-Event-Validation-System systemd: Started Session 5931 of user root.
Sep 12 20:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:10:01 Network-Security-Event-Validation-System systemd: Started Session 5932 of user root.
Sep 12 20:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:20:01 Network-Security-Event-Validation-System systemd: Started Session 5933 of user root.
Sep 12 20:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:30:01 Network-Security-Event-Validation-System systemd: Started Session 5934 of user root.
Sep 12 20:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:40:01 Network-Security-Event-Validation-System systemd: Started Session 5935 of user root.
Sep 12 20:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 20:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 20:50:01 Network-Security-Event-Validation-System systemd: Started Session 5936 of user root.
Sep 12 20:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5937 of user root.
Sep 12 21:00:01 Network-Security-Event-Validation-System systemd: Started Session 5938 of user root.
Sep 12 21:00:08 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:01:01 Network-Security-Event-Validation-System systemd: Started Session 5939 of user root.
Sep 12 21:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:10:01 Network-Security-Event-Validation-System systemd: Started Session 5940 of user root.
Sep 12 21:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:20:01 Network-Security-Event-Validation-System systemd: Started Session 5941 of user root.
Sep 12 21:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:30:01 Network-Security-Event-Validation-System systemd: Started Session 5942 of user root.
Sep 12 21:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:30:48 Network-Security-Event-Validation-System systemd: Starting Cleanup of Temporary Directories...
Sep 12 21:30:48 Network-Security-Event-Validation-System systemd: Started Cleanup of Temporary Directories.
Sep 12 21:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:40:01 Network-Security-Event-Validation-System systemd: Started Session 5943 of user root.
Sep 12 21:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 21:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 21:50:01 Network-Security-Event-Validation-System systemd: Started Session 5944 of user root.
Sep 12 21:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5945 of user root.
Sep 12 22:00:01 Network-Security-Event-Validation-System systemd: Started Session 5946 of user root.
Sep 12 22:00:08 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:01:01 Network-Security-Event-Validation-System systemd: Started Session 5947 of user root.
Sep 12 22:01:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:10:01 Network-Security-Event-Validation-System systemd: Started Session 5948 of user root.
Sep 12 22:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:20:01 Network-Security-Event-Validation-System systemd: Started Session 5949 of user root.
Sep 12 22:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:30:01 Network-Security-Event-Validation-System systemd: Started Session 5950 of user root.
Sep 12 22:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:40:01 Network-Security-Event-Validation-System systemd: Started Session 5951 of user root.
Sep 12 22:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 22:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 22:50:01 Network-Security-Event-Validation-System systemd: Started Session 5952 of user root.
Sep 12 22:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5953 of user root.
Sep 12 23:00:01 Network-Security-Event-Validation-System systemd: Started Session 5954 of user root.
Sep 12 23:00:08 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:01:01 Network-Security-Event-Validation-System systemd: Started Session 5955 of user root.
Sep 12 23:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:10:01 Network-Security-Event-Validation-System systemd: Started Session 5956 of user root.
Sep 12 23:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:20:01 Network-Security-Event-Validation-System systemd: Started Session 5957 of user root.
Sep 12 23:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:30:01 Network-Security-Event-Validation-System systemd: Started Session 5958 of user root.
Sep 12 23:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:40:01 Network-Security-Event-Validation-System systemd: Started Session 5959 of user root.
Sep 12 23:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:50:01 Network-Security-Event-Validation-System systemd: Started Session 5960 of user root.
Sep 12 23:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:53:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:53:01 Network-Security-Event-Validation-System systemd: Started Session 5961 of user root.
Sep 12 23:53:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:59:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 12 23:59:01 Network-Security-Event-Validation-System systemd: Started Session 5962 of user root.
Sep 12 23:59:01 Network-Security-Event-Validation-System suricata: [12425] Notice: suricata: Signal Received.  Stopping engine.
Sep 12 23:59:01 Network-Security-Event-Validation-System systemd: Stopping Suricata...
Sep 12 23:59:03 Network-Security-Event-Validation-System suricata: [12425] Info: suricata: time elapsed 86387.844s
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12456] Perf: flow-manager: 40486230 flows processed
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12440] Perf: af-packet: em2: (W#01-em2) kernel: Packets 426778325, dropped 6522
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12441] Perf: af-packet: em2: (W#02-em2) kernel: Packets 459410342, dropped 216
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12442] Perf: af-packet: em2: (W#03-em2) kernel: Packets 472846618, dropped 20033
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12444] Perf: af-packet: em2: (W#04-em2) kernel: Packets 448941634, dropped 499
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12445] Perf: af-packet: em2: (W#05-em2) kernel: Packets 467436394, dropped 15118
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12446] Perf: af-packet: em2: (W#06-em2) kernel: Packets 460785170, dropped 26941
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12448] Perf: af-packet: em4: (W#01-em4) kernel: Packets 935498728, dropped 112211
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12449] Perf: af-packet: em4: (W#02-em4) kernel: Packets 737034443, dropped 5015
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12450] Perf: af-packet: em4: (W#03-em4) kernel: Packets 701858658, dropped 7293
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12451] Perf: af-packet: em4: (W#04-em4) kernel: Packets 732409209, dropped 3941
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12452] Perf: af-packet: em4: (W#05-em4) kernel: Packets 757832776, dropped 5947
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12453] Perf: af-packet: em4: (W#06-em4) kernel: Packets 744290713, dropped 3384
Sep 12 23:59:04 Network-Security-Event-Validation-System suricata: [12425] Info: counters: Alerts: 5455
Sep 12 23:59:05 Network-Security-Event-Validation-System suricata: [12425] Perf: ippair: ippair memory usage: 414144 bytes, maximum: 16777216
Sep 12 23:59:05 Network-Security-Event-Validation-System suricata: [12425] Perf: host: host memory usage: 398144 bytes, maximum: 33554432
Sep 12 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Notice: device: em2: packets: 2736198483, drops: 69329 (0.00%), invalid chksum: 0
Sep 12 23:59:06 Network-Security-Event-Validation-System suricata: [12425] Notice: device: em4: packets: 4608924527, drops: 137791 (0.00%), invalid chksum: 0
Sep 12 23:59:07 Network-Security-Event-Validation-System kernel: device em2 left promiscuous mode
Sep 12 23:59:07 Network-Security-Event-Validation-System kernel: device em4 left promiscuous mode
Sep 12 23:59:07 Network-Security-Event-Validation-System systemd: Stopped Suricata.
Sep 12 23:59:07 Network-Security-Event-Validation-System systemd: Started Suricata.
Sep 12 23:59:07 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 12 23:59:07 Network-Security-Event-Validation-System suricata: [19430] Notice: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 12 23:59:07 Network-Security-Event-Validation-System suricata: [19430] Info: cpu: CPUs/cores online: 6
Sep 12 23:59:07 Network-Security-Event-Validation-System suricata: [19430] Info: suricata: Setting engine mode to IDS mode by default
Sep 12 23:59:07 Network-Security-Event-Validation-System suricata: [19430] Info: ioctl: em2: MTU 1500
Sep 12 23:59:07 Network-Security-Event-Validation-System suricata: [19430] Info: ioctl: em4: MTU 1500
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: conf: Running in live mode, activating unix socket
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: logopenfile: fast output device (regular) initialized: fast.log
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: logopenfile: eve-log output device (regular) initialized: eve.json
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: log-pcap: Using log dir /home/pcap-log
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: log-pcap: Selected pcap-log compression method: none
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: log-pcap: Selected pcap-log conditional logging: alerts
Sep 12 23:59:08 Network-Security-Event-Validation-System suricata: [19430] Info: log-pcap: using Sguil compatible logging
Sep 12 23:59:11 Network-Security-Event-Validation-System suricata: [19430] Info: detect: 5 rule files processed. 33392 rules successfully loaded, 0 rules failed
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028774, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028780, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028801, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028388, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028782, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028795, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028765, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: threshold-config: can't suppress sid 2028802, gid 1: unknown rule
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Info: threshold-config: Threshold config parsed: 46 rule(s) found
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Info: detect: 33393 signatures processed. 25 are IP-only rules, 7677 are inspecting packet payload, 25656 inspect application layer, 0 are decoder event only
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.http.binary' is checked but not set. Checked in 2019421 and 29 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.MCOFF' is checked but not set. Checked in 2022303 and 9 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2023313 and 25 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.mp4.in.http' is checked but not set. Checked in 2824302 and 5 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.atf.in.http' is checked but not set. Checked in 2824303 and 3 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.mp3.in.http' is checked but not set. Checked in 2832176 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.http.javaclient' is checked but not set. Checked in 2017181 and 5 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ETPRO.wget.UA' is checked but not set. Checked in 2820973 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.gocd.auth' is checked but not set. Checked in 2034333 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'dcerpc.rpcnetlogon' is checked but not set. Checked in 2030870 and 6 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.BonitaDefaultCreds' is checked but not set. Checked in 2036817 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.SecondaryFlash.Req' is checked but not set. Checked in 2829953 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'is_proto_irc' is checked but not set. Checked in 2002029 and 4 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.http.javaclient.vulnerable' is checked but not set. Checked in 2013036 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.gadu.loggedin' is checked but not set. Checked in 2807836 and 3 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.ELFDownload' is checked but not set. Checked in 2019896 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.DocVBAProject' is checked but not set. Checked in 2020170 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.MSSQL' is checked but not set. Checked in 2020569 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.armwget' is checked but not set. Checked in 2024242 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.HTA.Download' is checked but not set. Checked in 2816701 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.smb.binary' is checked but not set. Checked in 2027402 and 4 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.Socks5.OnionReq' is checked but not set. Checked in 2027704 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.autoit.ua' is checked but not set. Checked in 2019165 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ETPROtxtminhead' is checked but not set. Checked in 2843620 and 3 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.raiffeisenapk' is checked but not set. Checked in 2828074 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ETPRO.certutilhttp' is checked but not set. Checked in 2833774 and 3 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.Terse.Pastebin' is checked but not set. Checked in 2813075 and 1 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 1 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.tcpraw.png' is checked but not set. Checked in 2035477 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'http.dottedquadhost' is checked but not set. Checked in 2851981 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.generictelegram' is checked but not set. Checked in 2045614 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.telnet.busybox' is checked but not set. Checked in 2023019 and 2 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.zipfile' is checked but not set. Checked in 2814823 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET_EDGE_UA' is checked but not set. Checked in 2822100 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.fdf.in.http' is checked but not set. Checked in 2824313 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Warning: detect-flowbits: flowbit 'ET.EOT.Download' is checked but not set. Checked in 2828207 and 0 other sigs
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: TCP toserver: 76 port groups, 71 unique SGH's, 5 copies
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: TCP toclient: 76 port groups, 49 unique SGH's, 27 copies
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: UDP toserver: 76 port groups, 45 unique SGH's, 31 copies
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: UDP toclient: 29 port groups, 16 unique SGH's, 13 copies
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
Sep 12 23:59:12 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: OTHER toclient: 254 proto groups, 5 unique SGH's, 249 copies
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Unique rule groups: 191
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toserver TCP packet": 50
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toclient TCP packet": 28
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toserver TCP stream": 46
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toclient TCP stream": 23
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toserver UDP packet": 45
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "toclient UDP packet": 16
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: Builtin MPM "other IP packet": 5
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_uri (http)": 48
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_uri (http2)": 48
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_client_body (http)": 22
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 22
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_header (http)": 24
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_header (http)": 24
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_header (http2)": 24
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_header (http2)": 24
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_header_names (http)": 16
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_header_names (http)": 16
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 16
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 16
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_content_type (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_content_type (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http.server (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http.server (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http.location (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_start (http)": 8
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_start (http)": 8
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_method (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_method (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_cookie (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_cookie (http)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 14
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 14
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_host (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 3
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 4
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 6
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 1
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (nfs)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (nfs)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (smb)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (smb)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (ftp)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (ftp)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (ftp-data)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (http)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (http)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toclient file_data (http2)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (http2)": 31
Sep 12 23:59:13 Network-Security-Event-Validation-System suricata: [19430] Perf: detect: AppLayer MPM "toserver file_data (smtp)": 31
Sep 12 23:59:16 Network-Security-Event-Validation-System suricata: [19430] Perf: af-packet: em2: cluster_flow: 6 cores, using 6 threads
Sep 12 23:59:16 Network-Security-Event-Validation-System suricata: [19430] Info: runmodes: em2: creating 6 threads
Sep 12 23:59:16 Network-Security-Event-Validation-System suricata: [19444] Info: log-pcap: Initializing PCAP ring buffer for /home/pcap-log/alert.pcap.
Sep 12 23:59:16 Network-Security-Event-Validation-System suricata: [19444] Notice: log-pcap: Ring buffer initialized with 0 files.
Sep 12 23:59:17 Network-Security-Event-Validation-System suricata: [19430] Perf: af-packet: em4: cluster_flow: 6 cores, using 6 threads
Sep 12 23:59:17 Network-Security-Event-Validation-System suricata: [19430] Info: runmodes: em4: creating 6 threads
Sep 12 23:59:18 Network-Security-Event-Validation-System suricata: [19430] Info: unix-manager: unix socket '/home/Suricata/run/suricata/suricata-command.socket'
Sep 12 23:59:18 Network-Security-Event-Validation-System suricata: [19444] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:18 Network-Security-Event-Validation-System kernel: device em2 entered promiscuous mode
Sep 12 23:59:18 Network-Security-Event-Validation-System suricata: [19444] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19445] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19445] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19446] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19446] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19448] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19448] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19449] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19449] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19450] Perf: af-packet: em2: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19450] Perf: af-packet: em2: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19451] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System kernel: device em4 entered promiscuous mode
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19451] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19452] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19452] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19453] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19453] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19454] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19454] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19456] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19456] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19457] Perf: af-packet: em4: setting socket buffer to 2147483647
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19457] Perf: af-packet: em4: rx ring params: block_size=1048576 block_nr=155 frame_size=1616 frame_nr=100440 (mem: 162529280)
Sep 12 23:59:19 Network-Security-Event-Validation-System suricata: [19430] Notice: threads: Threads created -> W: 12 FM: 1 FR: 1   Engine started.
Sep 13 00:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5963 of user root.
Sep 13 00:00:01 Network-Security-Event-Validation-System systemd: Started Session 5964 of user root.
Sep 13 00:00:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:01:01 Network-Security-Event-Validation-System systemd: Started Session 5965 of user root.
Sep 13 00:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:10:01 Network-Security-Event-Validation-System systemd: Started Session 5966 of user root.
Sep 13 00:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:20:01 Network-Security-Event-Validation-System systemd: Started Session 5967 of user root.
Sep 13 00:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:30:01 Network-Security-Event-Validation-System systemd: Started Session 5968 of user root.
Sep 13 00:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:40:01 Network-Security-Event-Validation-System systemd: Started Session 5969 of user root.
Sep 13 00:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 00:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 00:50:01 Network-Security-Event-Validation-System systemd: Started Session 5970 of user root.
Sep 13 00:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5971 of user root.
Sep 13 01:00:01 Network-Security-Event-Validation-System systemd: Started Session 5972 of user root.
Sep 13 01:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:01:01 Network-Security-Event-Validation-System systemd: Started Session 5973 of user root.
Sep 13 01:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:10:01 Network-Security-Event-Validation-System systemd: Started Session 5974 of user root.
Sep 13 01:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:20:01 Network-Security-Event-Validation-System systemd: Started Session 5975 of user root.
Sep 13 01:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:30:01 Network-Security-Event-Validation-System systemd: Started Session 5976 of user root.
Sep 13 01:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:40:01 Network-Security-Event-Validation-System systemd: Started Session 5977 of user root.
Sep 13 01:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 01:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 01:50:01 Network-Security-Event-Validation-System systemd: Started Session 5978 of user root.
Sep 13 01:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5979 of user root.
Sep 13 02:00:01 Network-Security-Event-Validation-System systemd: Started Session 5980 of user root.
Sep 13 02:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:01:01 Network-Security-Event-Validation-System systemd: Started Session 5981 of user root.
Sep 13 02:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:10:01 Network-Security-Event-Validation-System systemd: Started Session 5982 of user root.
Sep 13 02:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:20:01 Network-Security-Event-Validation-System systemd: Started Session 5983 of user root.
Sep 13 02:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:30:01 Network-Security-Event-Validation-System systemd: Started Session 5984 of user root.
Sep 13 02:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:40:01 Network-Security-Event-Validation-System systemd: Started Session 5985 of user root.
Sep 13 02:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 02:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 02:50:01 Network-Security-Event-Validation-System systemd: Started Session 5986 of user root.
Sep 13 02:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 03:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5988 of user root.
Sep 13 03:00:01 Network-Security-Event-Validation-System systemd: Started Session 5987 of user root.
Sep 13 03:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 03:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 03:01:01 Network-Security-Event-Validation-System systemd: Started Session 5989 of user root.
Sep 13 03:10:01 Network-Security-Event-Validation-System systemd: Started Session 5990 of user root.
Sep 13 03:20:01 Network-Security-Event-Validation-System systemd: Started Session 5991 of user root.
Sep 13 03:30:01 Network-Security-Event-Validation-System systemd: Started Session 5992 of user root.
Sep 13 03:40:01 Network-Security-Event-Validation-System systemd: Started Session 5993 of user root.
Sep 13 03:50:01 Network-Security-Event-Validation-System systemd: Started Session 5994 of user root.
Sep 13 03:50:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5995 of user root.
Sep 13 04:00:01 Network-Security-Event-Validation-System systemd: Started Session 5996 of user root.
Sep 13 04:00:02 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:01:01 Network-Security-Event-Validation-System systemd: Started Session 5997 of user root.
Sep 13 04:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:10:01 Network-Security-Event-Validation-System systemd: Started Session 5998 of user root.
Sep 13 04:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:20:01 Network-Security-Event-Validation-System systemd: Started Session 5999 of user root.
Sep 13 04:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:30:01 Network-Security-Event-Validation-System systemd: Started Session 6000 of user root.
Sep 13 04:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:40:01 Network-Security-Event-Validation-System systemd: Started Session 6001 of user root.
Sep 13 04:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 04:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 04:50:01 Network-Security-Event-Validation-System systemd: Started Session 6002 of user root.
Sep 13 04:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 6003 of user root.
Sep 13 05:00:01 Network-Security-Event-Validation-System systemd: Started Session 6004 of user root.
Sep 13 05:00:03 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:01:01 Network-Security-Event-Validation-System systemd: Started Session 6005 of user root.
Sep 13 05:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:10:01 Network-Security-Event-Validation-System systemd: Started Session 6006 of user root.
Sep 13 05:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:20:01 Network-Security-Event-Validation-System systemd: Started Session 6007 of user root.
Sep 13 05:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:30:01 Network-Security-Event-Validation-System systemd: Started Session 6008 of user root.
Sep 13 05:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:40:01 Network-Security-Event-Validation-System systemd: Started Session 6009 of user root.
Sep 13 05:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 05:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 05:50:01 Network-Security-Event-Validation-System systemd: Started Session 6010 of user root.
Sep 13 05:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 6011 of user root.
Sep 13 06:00:01 Network-Security-Event-Validation-System systemd: Started Session 6012 of user root.
Sep 13 06:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:01:01 Network-Security-Event-Validation-System systemd: Started Session 6013 of user root.
Sep 13 06:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:10:01 Network-Security-Event-Validation-System systemd: Started Session 6014 of user root.
Sep 13 06:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:20:01 Network-Security-Event-Validation-System systemd: Started Session 6015 of user root.
Sep 13 06:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:30:01 Network-Security-Event-Validation-System systemd: Started Session 6016 of user root.
Sep 13 06:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:40:01 Network-Security-Event-Validation-System systemd: Started Session 6017 of user root.
Sep 13 06:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 06:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 06:50:01 Network-Security-Event-Validation-System systemd: Started Session 6018 of user root.
Sep 13 06:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 6019 of user root.
Sep 13 07:00:01 Network-Security-Event-Validation-System systemd: Started Session 6020 of user root.
Sep 13 07:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:01:01 Network-Security-Event-Validation-System systemd: Started Session 6021 of user root.
Sep 13 07:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:10:01 Network-Security-Event-Validation-System systemd: Started Session 6022 of user root.
Sep 13 07:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:20:01 Network-Security-Event-Validation-System systemd: Started Session 6023 of user root.
Sep 13 07:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:30:01 Network-Security-Event-Validation-System systemd: Started Session 6024 of user root.
Sep 13 07:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:40:01 Network-Security-Event-Validation-System systemd: Started Session 6025 of user root.
Sep 13 07:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 07:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 07:50:01 Network-Security-Event-Validation-System systemd: Started Session 6026 of user root.
Sep 13 07:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 6027 of user root.
Sep 13 08:00:01 Network-Security-Event-Validation-System systemd: Started Session 6028 of user root.
Sep 13 08:00:04 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:01:01 Network-Security-Event-Validation-System systemd: Started Session 6029 of user root.
Sep 13 08:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:10:01 Network-Security-Event-Validation-System systemd: Started Session 6030 of user root.
Sep 13 08:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:20:01 Network-Security-Event-Validation-System systemd: Started Session 6031 of user root.
Sep 13 08:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:30:01 Network-Security-Event-Validation-System systemd: Started Session 6032 of user root.
Sep 13 08:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:40:01 Network-Security-Event-Validation-System systemd: Started Session 6033 of user root.
Sep 13 08:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 08:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 08:50:01 Network-Security-Event-Validation-System systemd: Started Session 6034 of user root.
Sep 13 08:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 6035 of user root.
Sep 13 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 6037 of user root.
Sep 13 09:00:01 Network-Security-Event-Validation-System systemd: Started Session 6036 of user root.
Sep 13 09:00:05 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:01:01 Network-Security-Event-Validation-System systemd: Started Session 6038 of user root.
Sep 13 09:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:10:01 Network-Security-Event-Validation-System systemd: Started Session 6039 of user root.
Sep 13 09:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:20:01 Network-Security-Event-Validation-System systemd: Started Session 6040 of user root.
Sep 13 09:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:30:01 Network-Security-Event-Validation-System systemd: Started Session 6041 of user root.
Sep 13 09:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:40:01 Network-Security-Event-Validation-System systemd: Started Session 6042 of user root.
Sep 13 09:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 09:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 09:50:01 Network-Security-Event-Validation-System systemd: Started Session 6043 of user root.
Sep 13 09:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:00:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 6044 of user root.
Sep 13 10:00:01 Network-Security-Event-Validation-System systemd: Started Session 6045 of user root.
Sep 13 10:00:06 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:01:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:01:01 Network-Security-Event-Validation-System systemd: Started Session 6046 of user root.
Sep 13 10:01:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:10:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:10:01 Network-Security-Event-Validation-System systemd: Started Session 6047 of user root.
Sep 13 10:10:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:19:48 Network-Security-Event-Validation-System sshd[17857]: Accepted password for root from 10.45.118.36 port 51001 ssh2
Sep 13 10:19:49 Network-Security-Event-Validation-System root[17892]: CMDLOG: (10.45.118.36) - PATH=$PATH:$HOME/bin
Sep 13 10:19:49 Network-Security-Event-Validation-System root[17893]: CMDLOG: (10.45.118.36) - export PATH
Sep 13 10:19:49 Network-Security-Event-Validation-System root[17894]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:20:00 Network-Security-Event-Validation-System root[17916]: CMDLOG: (10.45.118.36) - cat /home/Suricata/log/suricata/suricata
Sep 13 10:20:00 Network-Security-Event-Validation-System root[17918]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:20:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:20:01 Network-Security-Event-Validation-System systemd: Started Session 6048 of user root.
Sep 13 10:20:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:20:09 Network-Security-Event-Validation-System root[17942]: CMDLOG: (10.45.118.36) - cat /home/Suricata/log/suricata/suricata-logrotate
Sep 13 10:20:09 Network-Security-Event-Validation-System root[17944]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:30:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:30:01 Network-Security-Event-Validation-System systemd: Started Session 6049 of user root.
Sep 13 10:30:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:35:08 Network-Security-Event-Validation-System root[18684]: CMDLOG: (10.45.118.36) - cat /etc/crontab
Sep 13 10:35:08 Network-Security-Event-Validation-System root[18686]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:36:13 Network-Security-Event-Validation-System root[18745]: CMDLOG: (10.45.118.36) - service suricata status
Sep 13 10:36:13 Network-Security-Event-Validation-System root[18757]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:36:22 Network-Security-Event-Validation-System root[18765]: CMDLOG: (10.45.118.36) - cat /usr/lib/systemd/system/suricata.service
Sep 13 10:36:22 Network-Security-Event-Validation-System root[18767]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:36:50 Network-Security-Event-Validation-System root[18790]: CMDLOG: (10.45.118.36) - /home/Suricata/bin/suricata -V
Sep 13 10:36:50 Network-Security-Event-Validation-System root[18792]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:37:48 Network-Security-Event-Validation-System root[18967]: CMDLOG: (10.45.118.36) - vim /home/Suricata/suricata/suricata.yaml
Sep 13 10:37:54 Network-Security-Event-Validation-System root[18974]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:40:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:40:01 Network-Security-Event-Validation-System systemd: Started Session 6050 of user root.
Sep 13 10:40:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:40:39 Network-Security-Event-Validation-System root[19125]: CMDLOG: (10.45.118.36) - cat /var/log/messages
Sep 13 10:40:41 Network-Security-Event-Validation-System root[19130]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:44:59 Network-Security-Event-Validation-System root[19339]: CMDLOG: (10.45.118.36) - ls --color=auto -l --color=auto /core.*
Sep 13 10:44:59 Network-Security-Event-Validation-System root[19341]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:45:35 Network-Security-Event-Validation-System root[19388]: CMDLOG: (10.45.118.36) - adb /home/Suricata/bin/suricata /core.1545
Sep 13 10:45:35 Network-Security-Event-Validation-System root[19390]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:45:58 Network-Security-Event-Validation-System root[19410]: CMDLOG: (10.45.118.36) - gdb /home/Suricata/bin/suricata /core.1545
Sep 13 10:48:41 Network-Security-Event-Validation-System root[19563]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:48:44 Network-Security-Event-Validation-System root[19566]: CMDLOG: (10.45.118.36) - vim /home/Suricata/suricata/suricata.yaml
Sep 13 10:48:46 Network-Security-Event-Validation-System root[19570]: CMDLOG: (10.45.118.36) - history -a
Sep 13 10:50:01 Network-Security-Event-Validation-System systemd: Created slice User Slice of root.
Sep 13 10:50:01 Network-Security-Event-Validation-System systemd: Started Session 6051 of user root.
Sep 13 10:50:01 Network-Security-Event-Validation-System systemd: Removed slice User Slice of root.
Sep 13 10:51:29 Network-Security-Event-Validation-System root[19719]: CMDLOG:  - /usr/libexec/sftp-server
Sep 13 10:51:29 Network-Security-Event-Validation-System sftp-server[19709]: error: Unknown extended request "fs-multiple-roots-supported@vandyke.com"
Sep 13 10:51:29 Network-Security-Event-Validation-System sftp-server[19709]: error: Unknown extended request "vendor-id"
