Bug #1589

Updated by Victor Julien over 8 years ago

<pre> 
 # uname -rm 
 3.2.71-main-grsec-spoofy x86_64 (without PaX) 
 </pre> 

 <pre> 
 # suricata --build-info 
 This is Suricata version 2.1dev (rev 86711a1) 
 Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON PROFILING TLS  
 SIMD support: SSE_4_2 SSE_4_1 SSE_3  
 Atomic intrisics: 1 2 4 8 16 byte(s) 
 64-bits, Little-endian architecture 
 GCC version 4.6.3, C version 199901 
 compiled with -fstack-protector 
 compiled with _FORTIFY_SOURCE=2 
 L1 cache line size (CLS)=64 
 thread local storage method: __thread 
 compiled with LibHTP v0.5.18, linked against LibHTP v0.5.18 

 Suricata Configuration: 
   AF_PACKET support:                         yes 
   PF_RING support:                           yes 
   NFQueue support:                           yes 
   NFLOG support:                             no 
   IPFW support:                              no 
   Netmap support:                            no 
   DAG enabled:                               no 
   Napatech enabled:                          no 

   Unix socket enabled:                       yes 
   Detection enabled:                         yes 

   libnss support:                            yes 
   libnspr support:                           yes 
   libjansson support:                        yes 
   hiredis support:                           no 
   Prelude support:                           no 
   PCRE jit:                                  no 
   LUA support:                               yes, through luajit 
   libluajit:                                 yes 
   libgeoip:                                  yes 
   Non-bundled htp:                           no 
   Old barnyard2 support:                     no 
   CUDA enabled:                              no 

   Suricatasc install:                        yes 

   Unit tests enabled:                        no 
   Debug output enabled:                      no 
   Debug validation enabled:                  no 
   Profiling enabled:                         yes 
   Profiling locks enabled:                   no 
   Coccinelle / spatch:                       no 

 Generic build parameters: 
   Installation prefix:                       /usr 
   Configuration directory:                   /etc/suricata/ 
   Log directory:                             /var/log/suricata/ 

   --prefix                                   /usr 
   --sysconfdir                               /etc 
   --localstatedir                            /var 

   Host:                                      x86_64-unknown-linux-gnu 
   Compiler:                                  gcc (exec name) / gcc (real) 
   GCC Protect enabled:                       no 
   GCC march native enabled:                  yes 
   GCC Profile enabled:                       no 
   Position Independent Executable enabled: no 
   CFLAGS                                     -g -O2 -march=native 
   PCAP_CFLAGS                                 -I/usr/include 
   SECCFLAGS  
 </pre>  



   



 (Apologies for the mess in the configuration file)

 Run with workers mode: 
 <pre> 
 # /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 1 -D --runmode workers 
 </pre> 

 <pre> 
 # cat /var/log/suricata.log  
 [29933] 4/11/2015 -- 15:38:52 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev 86711a1) 
 [29933] 4/11/2015 -- 15:38:52 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'request-body-minimal-inspect-size' set to 34116 and 'request-body-inspect-window' set to 3973 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'response-body-minimal-inspect-size' set to 32229 and 'response-body-inspect-window' set to 4205 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'request-body-minimal-inspect-size' set to 32040 and 'request-body-inspect-window' set to 4118 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'response-body-minimal-inspect-size' set to 32694 and 'response-body-inspect-window' set to 4148 after randomization. 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:337) <Info> (DNSUDPConfigure) -- DNS request flood protection level: 500 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:349) <Info> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:361) <Info> (DNSUDPConfigure) -- DNS global memcap: 16777216 
 [29933] 4/11/2015 -- 15:38:52 - (app-layer-modbus.c:1457) <Info> (RegisterModbusParsers) -- Modbus request flood protection level: 500 
 [29933] 4/11/2015 -- 15:38:52 - (source-nfq.c:286) <Info> (NFQInitConfig) -- NFQ running in standard ACCEPT/DROP mode 
 [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:209) <Info> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 
 [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:234) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168 
 [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:241) <Info> (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432 
 [29933] 4/11/2015 -- 15:38:52 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer 
 [29934] 4/11/2015 -- 15:38:52 - (host.c:215) <Info> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 
 [29934] 4/11/2015 -- 15:38:52 - (host.c:238) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 136 
 [29934] 4/11/2015 -- 15:38:52 - (host.c:240) <Info> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 16777216 
 [29934] 4/11/2015 -- 15:38:52 - (flow.c:441) <Info> (FlowInitConfig) -- allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64 
 [29934] 4/11/2015 -- 15:38:52 - (flow.c:465) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 288 
 [29934] 4/11/2015 -- 15:38:52 - (flow.c:467) <Info> (FlowInitConfig) -- flow memory usage: 7074304 bytes, maximum: 67108864 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": enabled 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig) -- stream."inline": enabled 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig) -- stream "max-synack-queued": 5 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 134217728 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2581 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2643 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:487) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250 
 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:500) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128 
 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:211) <Info> (IPPairInitConfig) -- allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64 
 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:234) <Info> (IPPairInitConfig) -- preallocated 1000 ippairs of size 136 
 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:236) <Info> (IPPairInitConfig) -- ippair memory usage: 398144 bytes, maximum: 16777216 
 [29934] 4/11/2015 -- 15:38:52 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file /usr/share/file/magic 
 [29934] 4/11/2015 -- 15:38:52 - (suricata.c:1942) <Info> (SetupDelayedDetect) -- Delayed detect disabled 
 [29934] 4/11/2015 -- 15:38:52 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled 
 [29934] 4/11/2015 -- 15:38:52 - (util-profiling-keywords.c:387) <Info> (SCProfilingKeywordInitCounters) -- Registered 111 keyword profiling counters. 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/local.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:424) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/local.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/ciarmy.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/compromised.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/drop.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dshield.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-activex.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-attack_response.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-chat.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-current_events.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dns.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dos.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-exploit.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-ftp.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-games.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-icmp_info.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-imap.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-malware.rules 
 [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-misc.rules 
 [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules 
 [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-netbios.rules 
 [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-p2p.rules 
 [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-policy.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-pop3.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-rpc.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scada.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scan.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-shellcode.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-smtp.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-snmp.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-sql.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-telnet.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-tftp.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-trojan.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-user_agents.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-voip.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_client.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_server.rules 
 [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-worm.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tor.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/app-layer-events.rules 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:523) <Info> (SigLoadSignatures) -- 50 rule files processed. 17234 rules successfully loaded, 0 rules failed 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:2987) <Info> (SigAddressPrepareStage1) -- 17242 signatures processed. 880 are IP-only rules, 6503 are inspecting packet payload, 12990 inspect application layer, 72 are decoder event only 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:2990) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete 
 [29934] 4/11/2015 -- 15:38:56 - (detect.c:3623) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete 
 [29934] 4/11/2015 -- 15:38:57 - (detect.c:4148) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete 
 [29934] 4/11/2015 -- 15:38:58 - (util-profiling-rules.c:589) <Info> (SCProfilingRuleInitCounters) -- Registered 17242 rule profiling counters. 
 [29934] 4/11/2015 -- 15:38:58 - (util-threshold-config.c:1188) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found 
 [29934] 4/11/2015 -- 15:38:58 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited. 
 [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'alert' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'http' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'dns' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'tls' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'files' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'smtp' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'ssh' 
 [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'stats' 
 [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log 
 [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- drop output device (regular) initialized: drop.log 
 [29935] 4/11/2015 -- 15:38:58 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 
 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:589) <Info> (NFQInitThread) -- binding this thread 0 to queue '1' 
 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:611) <Info> (NFQInitThread) -- setting queue length to 4096 
 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:624) <Info> (NFQInitThread) -- setting nfnl bufsize to 6144000 
 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:388) <Info> (NFQMutexInit) -- NFQ running in 'workers' runmode, will not use mutex. 
 </pre> 

 Kernel log: 
 <pre> 
 Nov    4 15:38:58 <hidden hostname here> kernel: grsec: From <hidden IP address here>: Segmentation fault occurred at 0000000000000024 in /usr/bin/suricata[Worker-Q1:29935] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 
 </pre> 

 Run with autofp mode: 
 <pre> 
 # /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 1 -D --runmode autofp 
 </pre> 

 <pre> 
 # cat /var/log/suricata.log 
 [30013] 4/11/2015 -- 15:39:33 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev 86711a1) 
 [30013] 4/11/2015 -- 15:39:33 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8 
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'request-body-minimal-inspect-size' set to 34116 and 'request-body-inspect-window' set to 3973 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'response-body-minimal-inspect-size' set to 32229 and 'response-body-inspect-window' set to 4205 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'request-body-minimal-inspect-size' set to 32040 and 'request-body-inspect-window' set to 4118 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'response-body-minimal-inspect-size' set to 32694 and 'response-body-inspect-window' set to 4148 after randomization.
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:337) <Info> (DNSUDPConfigure) -- DNS request flood protection level: 500 
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:349) <Info> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288 
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:361) <Info> (DNSUDPConfigure) -- DNS global memcap: 16777216 
 [30013] 4/11/2015 -- 15:39:33 - (app-layer-modbus.c:1457) <Info> (RegisterModbusParsers) -- Modbus request flood protection level: 500 
 [30013] 4/11/2015 -- 15:39:33 - (source-nfq.c:286) <Info> (NFQInitConfig) -- NFQ running in standard ACCEPT/DROP mode 
 [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:209) <Info> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
 [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:234) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168 
 [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:241) <Info> (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432 
 [30013] 4/11/2015 -- 15:39:33 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer 
 [30014] 4/11/2015 -- 15:39:33 - (host.c:215) <Info> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
 [30014] 4/11/2015 -- 15:39:33 - (host.c:238) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 136 
 [30014] 4/11/2015 -- 15:39:33 - (host.c:240) <Info> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 16777216 
 [30014] 4/11/2015 -- 15:39:33 - (flow.c:441) <Info> (FlowInitConfig) -- allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
 [30014] 4/11/2015 -- 15:39:33 - (flow.c:465) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 288 
 [30014] 4/11/2015 -- 15:39:33 - (flow.c:467) <Info> (FlowInitConfig) -- flow memory usage: 7074304 bytes, maximum: 67108864 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": enabled 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig) -- stream."inline": enabled 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig) -- stream "max-synack-queued": 5 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 134217728 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2630 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2500 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:487) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250 
 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:500) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128 
 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:211) <Info> (IPPairInitConfig) -- allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:234) <Info> (IPPairInitConfig) -- preallocated 1000 ippairs of size 136 
 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:236) <Info> (IPPairInitConfig) -- ippair memory usage: 398144 bytes, maximum: 16777216 
 [30014] 4/11/2015 -- 15:39:33 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file /usr/share/file/magic 
 [30014] 4/11/2015 -- 15:39:33 - (suricata.c:1942) <Info> (SetupDelayedDetect) -- Delayed detect disabled 
 [30014] 4/11/2015 -- 15:39:33 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled 
 [30014] 4/11/2015 -- 15:39:33 - (util-profiling-keywords.c:387) <Info> (SCProfilingKeywordInitCounters) -- Registered 111 keyword profiling counters.
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/local.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:424) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/local.rules
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/ciarmy.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/compromised.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/drop.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dshield.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-activex.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-attack_response.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-chat.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-current_events.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dns.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dos.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-exploit.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-ftp.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-games.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-icmp_info.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-imap.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules 
 [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-malware.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-misc.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-netbios.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-p2p.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-policy.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-pop3.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-rpc.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scada.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scan.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-shellcode.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-smtp.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-snmp.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-sql.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-telnet.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-tftp.rules 
 [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-trojan.rules 
 [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-user_agents.rules 
 [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-voip.rules 
 [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_client.rules 
 [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_server.rules 
 [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-worm.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tor.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/app-layer-events.rules 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:523) <Info> (SigLoadSignatures) -- 50 rule files processed. 17234 rules successfully loaded, 0 rules failed 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:2987) <Info> (SigAddressPrepareStage1) -- 17242 signatures processed. 880 are IP-only rules, 6503 are inspecting packet payload, 12990 inspect application layer, 72 are decoder event only 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:2990) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete 
 [30014] 4/11/2015 -- 15:39:36 - (detect.c:3623) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete 
 [30014] 4/11/2015 -- 15:39:38 - (detect.c:4148) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete 
 [30014] 4/11/2015 -- 15:39:38 - (util-profiling-rules.c:589) <Info> (SCProfilingRuleInitCounters) -- Registered 17242 rule profiling counters. 
 [30014] 4/11/2015 -- 15:39:38 - (util-threshold-config.c:1188) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found 
 [30014] 4/11/2015 -- 15:39:38 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited. 
 [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'alert' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'http' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'dns' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'tls' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'files' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'smtp' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'ssh' 
 [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'stats' 
 [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log 
 [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- drop output device (regular) initialized: drop.log 
 [30021] 4/11/2015 -- 15:39:38 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 
 [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:589) <Info> (NFQInitThread) -- binding this thread 0 to queue '1' 
 [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:611) <Info> (NFQInitThread) -- setting queue length to 4096 
 [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:624) <Info> (NFQInitThread) -- setting nfnl bufsize to 6144000 
 [30014] 4/11/2015 -- 15:39:39 - (flow-manager.c:721) <Info> (FlowManagerThreadSpawn) -- using 1 flow manager threads 
 [30035] 4/11/2015 -- 15:39:39 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 
 [30014] 4/11/2015 -- 15:39:39 - (flow-manager.c:881) <Info> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads 
 [30014] 4/11/2015 -- 15:39:39 - (tm-threads.c:2001) <Notice> (TmThreadWaitOnThreadInit) -- all 14 packet processing threads, 4 management threads initialized, engine started. 
 </pre>
