sudo suricata -c /usr/local/etc/suricata/suricata.yaml --pfring-int="zc:eth3" --pfring-cluster-id=1 --pfring-cluster-type=cluster_flow -vvv --init-errors-fatal
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"
6/7/2016 -- 04:08:21 - <Notice> - This is Suricata version 3.1 RELEASE
6/7/2016 -- 04:08:21 - <Info> - CPUs/cores online: 6
6/7/2016 -- 04:08:21 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
6/7/2016 -- 04:08:21 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.
6/7/2016 -- 04:08:21 - <Config> - DNS request flood protection level: 500
6/7/2016 -- 04:08:21 - <Config> - DNS per flow memcap (state-memcap): 524288
6/7/2016 -- 04:08:21 - <Config> - DNS global memcap: 16777216
6/7/2016 -- 04:08:21 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl for 'zc:eth3': No such device (19)
6/7/2016 -- 04:08:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/7/2016 -- 04:08:21 - <Config> - preallocated 65535 defrag trackers of size 168
6/7/2016 -- 04:08:21 - <Config> - defrag memory usage: 14679896 bytes, maximum: 33554432
6/7/2016 -- 04:08:21 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/7/2016 -- 04:08:21 - <Config> - preallocated 1000 hosts of size 136
6/7/2016 -- 04:08:21 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/7/2016 -- 04:08:21 - <Config> - using magic-file /usr/share/file/magic
6/7/2016 -- 04:08:21 - <Config> - Core dump size set to unlimited.
6/7/2016 -- 04:08:21 - <Config> - allocated 8388608 bytes of memory for the flow hash... 131072 buckets of size 64
6/7/2016 -- 04:08:21 - <Config> - preallocated 100000 flows of size 296
6/7/2016 -- 04:08:21 - <Config> - flow memory usage: 37988608 bytes, maximum: 268435456
6/7/2016 -- 04:08:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/7/2016 -- 04:08:21 - <Config> - stream "memcap": 134217728
6/7/2016 -- 04:08:21 - <Config> - stream "midstream" session pickups: disabled
6/7/2016 -- 04:08:21 - <Config> - stream "async-oneside": disabled
6/7/2016 -- 04:08:21 - <Config> - stream "checksum-validation": enabled
6/7/2016 -- 04:08:21 - <Config> - stream."inline": disabled
6/7/2016 -- 04:08:21 - <Config> - stream "max-synack-queued": 5
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "memcap": 134217728
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "depth": 1048576
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "toserver-chunk-size": 2590
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "toclient-chunk-size": 2544
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly.raw: enabled
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 4, prealloc 256
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 16, prealloc 512
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 112, prealloc 512
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 248, prealloc 512
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 512, prealloc 512
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 768, prealloc 1024
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 1448, prealloc 1024
6/7/2016 -- 04:08:21 - <Config> - segment pool: pktsize 65535, prealloc 128
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "chunk-prealloc": 250
6/7/2016 -- 04:08:21 - <Config> - stream.reassembly "zero-copy-size": 128
6/7/2016 -- 04:08:21 - <Config> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
6/7/2016 -- 04:08:21 - <Config> - preallocated 1000 ippairs of size 136
6/7/2016 -- 04:08:21 - <Config> - ippair memory usage: 398144 bytes, maximum: 16777216
6/7/2016 -- 04:08:21 - <Config> - Delayed detect disabled
6/7/2016 -- 04:08:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/7/2016 -- 04:08:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/7/2016 -- 04:08:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/7/2016 -- 04:08:21 - <Config> - IP reputation disabled
6/7/2016 -- 04:08:21 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/botcc.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/ciarmy.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/compromised.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/drop.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/dshield.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-activex.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-attack_response.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-chat.rules
6/7/2016 -- 04:08:22 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-current_events.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-dns.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-dos.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-exploit.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-ftp.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-imap.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-malware.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-misc.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-netbios.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-p2p.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-policy.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-pop3.rules
6/7/2016 -- 04:08:23 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-rpc.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-scan.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-shellcode.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-smtp.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-snmp.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-sql.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-telnet.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-tftp.rules
6/7/2016 -- 04:08:24 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-trojan.rules
6/7/2016 -- 04:08:25 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-user_agents.rules
6/7/2016 -- 04:08:25 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-voip.rules
6/7/2016 -- 04:08:25 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-web_client.rules
6/7/2016 -- 04:08:25 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-web_server.rules
6/7/2016 -- 04:08:25 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-web_specific_apps.rules
6/7/2016 -- 04:08:28 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/emerging-worm.rules
6/7/2016 -- 04:08:28 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/tor.rules
6/7/2016 -- 04:08:28 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/dns-events.rules
6/7/2016 -- 04:08:28 - <Info> - Loading rule file: /usr/local/etc/suricata/rules/tls-events.rules
6/7/2016 -- 04:08:28 - <Info> - 38 rule files processed. 17860 rules successfully loaded, 0 rules failed
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for tcp-packet
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for tcp-stream
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for udp-packet
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for other-ip
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_uri
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_raw_uri
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_header
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_header
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_user_agent
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_raw_header
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_raw_header
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_method
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for file_data
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for file_data
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_stat_msg
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_stat_code
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_client_body
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_host
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_raw_host
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_cookie
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for http_cookie
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for dns_query
6/7/2016 -- 04:08:28 - <Perf> - using shared mpm ctx' for tls_sni
6/7/2016 -- 04:08:28 - <Info> - 17868 signatures processed. 1180 are IP-only rules, 5787 are inspecting packet payload, 13252 inspect application layer, 0 are decoder event only
6/7/2016 -- 04:08:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/7/2016 -- 04:08:28 - <Perf> - TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
6/7/2016 -- 04:08:28 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
6/7/2016 -- 04:08:28 - <Perf> - UDP toserver: 41 port groups, 32 unique SGH's, 9 copies
6/7/2016 -- 04:08:28 - <Perf> - UDP toclient: 21 port groups, 13 unique SGH's, 8 copies
6/7/2016 -- 04:08:28 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/7/2016 -- 04:08:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/7/2016 -- 04:08:29 - <Perf> - Unique rule groups: 110
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toserver TCP packet": 30
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toclient TCP packet": 20
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toserver TCP stream": 34
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toclient TCP stream": 21
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toserver UDP packet": 31
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "toclient UDP packet": 12
6/7/2016 -- 04:08:29 - <Perf> - Builtin MPM "other IP packet": 2
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_uri": 9
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_header": 9
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toclient http_header": 4
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_method": 4
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver file_data": 1
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toclient file_data": 5
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toserver http_cookie": 2
6/7/2016 -- 04:08:29 - <Perf> - AppLayer MPM "toclient http_cookie": 3
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210000, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210001, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210002, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210003, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210004, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210005, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210006, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210007, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210008, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210009, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210010, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210011, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210012, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210013, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210014, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210015, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210016, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210017, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210018, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210019, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210020, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210021, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210022, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210023, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210024, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2200025, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210026, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210027, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210028, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210029, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210030, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210031, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210032, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210033, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210034, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210035, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210036, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210038, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210039, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210040, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210042, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210043, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210044, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210045, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210046, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210047, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210050, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210052, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210053, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210054, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210055, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210056, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2221008, gid 1: unknown rule
6/7/2016 -- 04:08:29 - <Info> - Threshold config parsed: 60 rule(s) found
6/7/2016 -- 04:08:29 - <Info> - stats output device (regular) initialized: stats.log
6/7/2016 -- 04:08:29 - <Config> - AutoFP mode using "Hash" flow load balancer
6/7/2016 -- 04:08:29 - <Info> - Using flow cluster mode for PF_RING (iface zc:eth3)
6/7/2016 -- 04:08:29 - <Info> - Going to use 1 ReceivePfring receive thread(s)
6/7/2016 -- 04:08:30 - <Info> - ZC interface detected, not adding thread to cluster
6/7/2016 -- 04:08:30 - <Info> - (RX#01) Using PF_RING v.6.3.0, interface zc:eth3, cluster-id 1, single-pfring-thread
suricata: flow-worker.c:98: FlowWorkerThreadInit: Assertion `!(DetectEngineThreadCtxInit(tv, ((void *)0), &detect_thread) != TM_ECODE_OK)' failed.