Bug #7184

Updated by Victor Julien 3 months ago

In Suricata version 7.0.0, the rules regarding IP cannot be correctly resolved.

 <pre> 
 [31453] 30/7/2024 -- 15:01:56 - (suricata.c:1142) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (5280e0c 2023-12-12) running in USER mode 
 [31453] 30/7/2024 -- 15:01:56 - (util-cpu.c:178) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 32 
 [31453] 30/7/2024 -- 15:01:56 - (app-layer-htp.c:2520) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33090 and 'request-body-inspect-window' set to 4032 after randomization. 
 [31453] 30/7/2024 -- 15:01:56 - (app-layer-htp.c:2533) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 42734 and 'response-body-inspect-window' set to 16980 after randomization. 
 [31453] 30/7/2024 -- 15:01:56 - (app-layer-enip.c:480) <Config> (RegisterENIPUDPParsers) -- Protocol detection and parser disabled for enip protocol. 
 [31453] 30/7/2024 -- 15:01:56 - (app-layer-dnp3.c:1587) <Config> (RegisterDNP3Parsers) -- Protocol detection and parser disabled for DNP3. 
 [31453] 30/7/2024 -- 15:01:56 - (suricata.c:2653) <Info> (PostConfLoadedSetup) -- == Carrying out Engine Analysis == 
 [31453] 30/7/2024 -- 15:01:56 - (host.c:263) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 
 [31453] 30/7/2024 -- 15:01:56 - (host.c:286) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136 
 [31453] 30/7/2024 -- 15:01:56 - (host.c:288) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432 
 [31453] 30/7/2024 -- 15:01:56 - (util-coredump-config.c:149) <Config> (CoredumpLoadConfig) -- Core dump size set to unlimited. 
 [31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:254) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 
 [31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:279) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 160 
 [31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:286) <Config> (DefragInitConfig) -- defrag memory usage: 14155616 bytes, maximum: 33554432 
 [31453] 30/7/2024 -- 15:01:57 - (flow.c:645) <Config> (FlowInitConfig) -- flow size 320, memcap allows for 100663296 flows. Per hash row in perfect conditions 15 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:391) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:410) <Config> (StreamTcpInitConfig) -- stream "memcap": 67108864 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:418) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:424) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:441) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": enabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:469) <Config> (StreamTcpInitConfig) -- stream."inline": disabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:482) <Config> (StreamTcpInitConfig) -- stream "bypass": enabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:504) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:526) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:544) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:619) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2622 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:621) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2558 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:633) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled 
 [31453] 30/7/2024 -- 15:01:57 - (stream-tcp-reassemble.c:400) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048 
 %5|1722322917.139|CONFWARN|rdkafka#producer-1| [thrd:app]: No `bootstrap.servers` configured: client will not be able to connect to Kafka cluster 
 [31453] 30/7/2024 -- 15:01:57 - (runmodes.c:664) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert' 
 [31453] 30/7/2024 -- 15:01:57 - (util-logopenfile.c:598) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log 
 [31453] 30/7/2024 -- 15:01:57 - (suricata.c:2320) <Config> (SetupDelayedDetect) -- Delayed detect disabled 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2338) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: hs, SPM: hs 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2654) <Config> (DetectEngineCtxLoadConf) -- toclient-groups 65000 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2671) <Config> (DetectEngineCtxLoadConf) -- toserver-groups 65000 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2744) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2768) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2796) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.init_spi 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.resp_spi 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.vendor 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.nonce_payload 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.nonce_payload 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.key_exchange_payload 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.key_exchange_payload 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.sni 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_issuer 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_subject 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_serial 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_fingerprint 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.certs 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.hash 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.string 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.hash 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.string 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_named_pipe 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_share 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.string 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server.string 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_cname 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_sname 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.uri 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.stat_msg 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.request_line 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.response_line 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for rfb.name 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.clientid 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.username 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.password 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willtopic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willmessage 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.topic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.message 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.subscribe.topic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.unsubscribe.topic 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_sni 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_ua 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_version 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_version 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic.cyu.hash 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic.cyu.string 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for icmpv4.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for tcp.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for udp.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for icmpv6.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv4.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv6.hdr 
 [31453] 30/7/2024 -- 15:01:57 - (reputation.c:609) <Config> (SRepInit) -- IP reputation disabled 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:309) <Info> (SetupFPAnalyzer) -- Engine-Analysis for fast_pattern printed to file - ./rules_fast_pattern.txt 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:357) <Info> (SetupRuleAnalyzer) -- Engine-Analysis for rules printed to file - ./rules_analysis.txt 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:251) <Config> (ProcessSigFiles) -- Loading rule file: test.rules 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-iponly.c:880) <Error> (IPOnlySigParseAddress) -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse addresses 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip $HOME_NET any -> [192.9.135.73] any (msg:"ET CNC Feodo Tracker Reported CnC Server group 1"; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,feodotracker.abuse.ch; threshold: type limit, track by_src, seconds 3600, count 1; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; classtype:trojan-activity; sid:2404300; rev:7265; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Banking_Trojan, signature_severity Major, created_at 2014_11_04, updated_at 2024_07_26;)" from file test.rules at line 1 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:340) <Config> (SigLoadSignatures) -- No rules loaded from test.rules 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:347) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded! 
 [31453] 30/7/2024 -- 15:01:57 - (util-threshold-config.c:254) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/data/sec/new_nids/etc/suricata//threshold.config": No such file or directory 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1473) <Info> (SigAddressPrepareStage1) -- 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1476) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- TCP toserver: 0 port groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- TCP toclient: 0 port groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- UDP toserver: 0 port groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- UDP toclient: 0 port groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1064) <Perf> (RulesGroupByProto) -- OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1101) <Perf> (RulesGroupByProto) -- OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1840) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 0 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:417) <Info> (CleanupRuleAnalyzer) -- Engine-Analysis for rules printed to file - ./rules_analysis.txt 
 [31453] 30/7/2024 -- 15:01:57 - (host.c:303) <Perf> (HostPrintStats) -- host memory usage: 398144 bytes, maximum: 33554432 
 [31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1775) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete 
 [31453] 30/7/2024 -- 15:01:57 - (util-device.c:359) <Notice> (LiveDeviceListClean) -- Stats for '.':    pkts: 0, drop: 0 (-nan%), invalid chksum: 0 
 [31453] 30/7/2024 -- 15:01:57 - (util-mpm-hs.c:1078) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch 
 [31453] 30/7/2024 -- 15:01:57 - (util-mpm-hs.c:1086) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache 
 </pre>
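As an added example (not part of this report and not Suricata's own code), the script below pulls every `error parsing signature` line out of Suricata startup output like the log above and runs a simplified, stand-alone syntax check of each rejected rule's header: literal IPs and CIDRs, bracketed, negated and nested lists, and `$VAR` references against a caller-supplied set of defined address variables (that `HOME_NET` is defined in suricata.yaml is an assumption). It does not replicate Suricata's parser; the sample log is constructed from the report's error lines, with the rule's options shortened, plus one invented rule carrying a malformed address.

```python
import ipaddress
import re

# Constructed sample log, modelled on the error lines in the bug report above.
# The first signature is the one from the report (options shortened); the
# second is invented to show a genuinely malformed address being flagged.
SAMPLE_LOG = r'''
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-iponly.c:880) <Error> (IPOnlySigParseAddress) -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse addresses
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip $HOME_NET any -> [192.9.135.73] any (msg:"ET CNC Feodo Tracker Reported CnC Server group 1"; classtype:trojan-activity; sid:2404300; rev:7265;)" from file test.rules at line 1
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip $HOME_NET any -> [192.9.135.73, 10.0.0.300] any (msg:"constructed bad address"; sid:1000001; rev:1;)" from file test.rules at line 2
'''

# Matches Suricata's 'error parsing signature "..." from file F at line N' message.
SIG_ERR_RE = re.compile(
    r'error parsing signature "(?P<sig>.*)" from file (?P<file>\S+) at line (?P<line>\d+)')


def _split_at_depth0(text, is_sep):
    """Split text wherever is_sep(ch) holds and we are outside any [...] list."""
    parts, cur, depth = [], [], 0
    for ch in text:
        depth += (ch == '[') - (ch == ']')
        if is_sep(ch) and depth == 0:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append(''.join(cur))
    return parts


def tokenize_header(rule):
    """Fields of the rule header (text before the first '('); bracketed lists
    stay whole even when they contain spaces, e.g. '[10.0.0.0/8, 10.1.0.0/16]'."""
    head = rule.split('(', 1)[0]
    return [t for t in _split_at_depth0(head, str.isspace) if t]


def check_address_group(group, variables):
    """Problems with one address group: 'any', $VAR, an IP/CIDR, or a bracketed,
    possibly negated and nested list. Empty list means the group looks fine.
    This is a simplified syntax check, not Suricata's own parser."""
    g = group.strip()
    if g.startswith('!'):
        g = g[1:].strip()
    if g == 'any':
        return []
    if g.startswith('$'):
        return [] if g[1:] in variables else [f"undefined address variable {g}"]
    if g.startswith('['):
        if not g.endswith(']'):
            return [f"unbalanced brackets in {group!r}"]
        if not g[1:-1].strip():
            return [f"empty address list in {group!r}"]
        problems = []
        for item in _split_at_depth0(g[1:-1], lambda c: c == ','):
            problems.extend(check_address_group(item, variables))
        return problems
    try:
        ipaddress.ip_network(g, strict=False)
    except ValueError:
        return [f"not an IP address or CIDR: {g!r}"]
    return []


def check_rule_header(rule, variables):
    """Check the seven header fields and both address groups of one rule."""
    tokens = tokenize_header(rule)
    if len(tokens) != 7:
        return [f"expected 7 header fields, found {len(tokens)}: {tokens}"]
    _action, _proto, src, _sport, direction, dst, _dport = tokens
    problems = [] if direction in ('->', '<>') else [f"bad direction {direction!r}"]
    problems += [f"src: {p}" for p in check_address_group(src, variables)]
    problems += [f"dst: {p}" for p in check_address_group(dst, variables)]
    return problems


def triage_log(log_text, variables):
    """One record per rejected signature in Suricata startup output: file,
    line, sid and whatever the simplified header check finds wrong."""
    records = []
    for line in log_text.splitlines():
        m = SIG_ERR_RE.search(line)
        if not m:
            continue
        sig = m.group('sig')
        sid = re.search(r'\bsid:\s*(\d+)', sig)
        records.append({
            'file': m.group('file'),
            'line': int(m.group('line')),
            'sid': int(sid.group(1)) if sid else None,
            'problems': check_rule_header(sig, variables),
        })
    return records


if __name__ == '__main__':
    # HOME_NET is assumed to be defined in suricata.yaml; pass set() instead
    # to see how a reference to an undefined address variable is reported.
    for rec in triage_log(SAMPLE_LOG, {'HOME_NET'}):
        detail = '; '.join(rec['problems']) or 'header well-formed; cause is elsewhere'
        print(f"{rec['file']}:{rec['line']} sid={rec['sid']}: {detail}")
```

A rule whose header passes this check but is still rejected with `failed to parse addresses` points at the engine or at variable expansion rather than at a typo in the rule file, which is the distinction worth making before filing or triaging a report like this one.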
