Project

General

Profile

Bug #4629 » out.txt

Martin Rehak, 07/01/2021 08:52 AM

 
# suricata --pcap=igb0 -vvvv
1/7/2021 -- 10:34:04 - <Notice> - This is Suricata version 6.0.2 RELEASE running in SYSTEM mode
1/7/2021 -- 10:34:04 - <Info> - CPUs/cores online: 12
1/7/2021 -- 10:34:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33553 and 'request-body-inspect-window' set to 4066 after randomization.
1/7/2021 -- 10:34:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 41964 and 'response-body-inspect-window' set to 16108 after randomization.
1/7/2021 -- 10:34:04 - <Config> - SMB stream depth: 0
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for modbus protocol.
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for enip protocol.
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for DNP3.
1/7/2021 -- 10:34:04 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/7/2021 -- 10:34:04 - <Config> - preallocated 1000 hosts of size 104
1/7/2021 -- 10:34:04 - <Config> - host memory usage: 366144 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - <Config> - Core dump size is unlimited.
1/7/2021 -- 10:34:04 - <Config> - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
1/7/2021 -- 10:34:04 - <Config> - preallocated 65535 defrag trackers of size 128
1/7/2021 -- 10:34:04 - <Config> - defrag memory usage: 9961344 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - <Config> - flow size 288, memcap allows for 466033 flows. Per hash row in perfect conditions 7
1/7/2021 -- 10:34:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
1/7/2021 -- 10:34:04 - <Config> - stream "memcap": 67108864
1/7/2021 -- 10:34:04 - <Config> - stream "midstream" session pickups: disabled
1/7/2021 -- 10:34:04 - <Config> - stream "async-oneside": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "checksum-validation": enabled
1/7/2021 -- 10:34:04 - <Config> - stream."inline": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "bypass": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "max-synack-queued": 5
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "memcap": 268435456
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "depth": 1048576
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "toserver-chunk-size": 2669
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "toclient-chunk-size": 2625
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly.raw: enabled
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "segment-prealloc": 2048
1/7/2021 -- 10:34:04 - <Info> - fast output device (regular) initialized: fast.log
1/7/2021 -- 10:34:04 - <Info> - eve-log output device (regular) initialized: eve.json
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'alert'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'anomaly'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'http'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dns'
1/7/2021 -- 10:34:04 - <Config> - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - <Config> - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'tls'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'files'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'smtp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ftp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'rdp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'nfs'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'smb'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'tftp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ikev2'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dcerpc'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'krb5'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'snmp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'rfb'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'sip'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dhcp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ssh'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'mqtt'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'stats'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'flow'
1/7/2021 -- 10:34:04 - <Info> - stats output device (regular) initialized: stats.log
1/7/2021 -- 10:34:04 - <Config> - Delayed detect disabled
1/7/2021 -- 10:34:04 - <Info> - Running in live mode, activating unix socket
1/7/2021 -- 10:34:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
1/7/2021 -- 10:34:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
1/7/2021 -- 10:34:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
1/7/2021 -- 10:34:04 - <Config> - prefilter engines: MPM
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_request_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_client_body
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_response_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept_enc
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept_lang
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_referer
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_connection
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http.server
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http.location
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_user_agent
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_host
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_host
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_stat_msg
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_stat_code
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dns_query
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.sni
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_issuer
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_subject
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_serial
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_fingerprint
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.certs
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3.hash
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3s.hash
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3s.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for smb_named_pipe
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for smb_share
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.server
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.server.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for krb5_cname
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for krb5_sname
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.stat_msg
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.request_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.response_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for rfb.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.clientid
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.username
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.password
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.willtopic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.willmessage
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.publish.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.publish.message
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.subscribe.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.unsubscribe.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for icmpv4.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tcp.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for udp.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for icmpv6.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ipv4.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ipv6.hdr
1/7/2021 -- 10:34:04 - <Config> - IP reputation disabled
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/3coresec.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/botcc.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/ciarmy.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/compromised.rules
1/7/2021 -- 10:34:04 - <Config> - No rules loaded from compromised.rules.
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/drop.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/dshield.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-attack_response.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-chat.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-current_events.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-dns.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-dos.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-exploit.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-imap.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-malware.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-misc.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-mobile_malware.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-netbios.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-policy.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-pop3.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-rpc.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-scan.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-shellcode.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-smtp.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-trojan.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-user_agents.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-voip.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_client.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_server.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_specific_apps.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-worm.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/tor.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/custom.rules
1/7/2021 -- 10:34:07 - <Config> - No rules loaded from custom.rules.
1/7/2021 -- 10:34:07 - <Info> - 32 rule files processed. 20590 rules successfully loaded, 0 rules failed
1/7/2021 -- 10:34:07 - <Info> - Threshold config parsed: 2 rule(s) found
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for tcp-packet
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for tcp-stream
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for udp-packet
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for other-ip
1/7/2021 -- 10:34:07 - <Info> - 20593 signatures processed. 1134 are IP-only rules, 3288 are inspecting packet payload, 16147 inspect application layer, 0 are decoder event only
1/7/2021 -- 10:34:07 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.http.PK' is checked but not set. Checked in 2019835 and 3 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2016396 and 3 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019822 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.pdf.in.http' is checked but not set. Checked in 2017150 and 4 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017768 and 11 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MCOFF' is checked but not set. Checked in 2019837 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.armwget' is checked but not set. Checked in 2024241 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
1/7/2021 -- 10:34:07 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
1/7/2021 -- 10:34:07 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
1/7/2021 -- 10:34:08 - <Perf> - UDP toserver: 41 port groups, 24 unique SGH's, 17 copies
1/7/2021 -- 10:34:08 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
1/7/2021 -- 10:34:08 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
1/7/2021 -- 10:34:08 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
1/7/2021 -- 10:34:17 - <Perf> - Unique rule groups: 106
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver TCP packet": 29
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient TCP packet": 20
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver TCP stream": 29
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient TCP stream": 21
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver UDP packet": 24
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient UDP packet": 18
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "other IP packet": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_uri (http)": 9
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_raw_uri (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_request_line (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_client_body (http)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_response_line (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_header (http)": 8
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_header (http)": 8
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_header_names (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_header_names (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept_enc (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept_lang (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_referer (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_content_len (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_content_len (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_content_type (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_content_type (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_protocol (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_protocol (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_start (http)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_start (http)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_method (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_cookie (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_cookie (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_user_agent (http)": 5
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_host (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_stat_code (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver dns_query (dns)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver tls.sni (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_issuer (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_subject (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_serial (tls)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (smtp)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (http)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (smb)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (smb)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (http2)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (http2)": 6
1/7/2021 -- 10:34:19 - <Config> - AutoFP mode using "Hash" flow load balancer
1/7/2021 -- 10:34:19 - <Info> - Using 1 live device(s).
1/7/2021 -- 10:34:19 - <Info> - using interface igb0
1/7/2021 -- 10:34:19 - <Info> - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
1/7/2021 -- 10:34:19 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:19 - <Info> - Set snaplen to 1524 for 'igb0'
1/7/2021 -- 10:34:19 - <Info> - RunModeIdsPcapAutoFp initialised
1/7/2021 -- 10:34:19 - <Config> - using 1 flow manager threads
1/7/2021 -- 10:34:19 - <Config> - using 1 flow recycler threads
1/7/2021 -- 10:34:19 - <Info> - Running in live mode, activating unix socket
1/7/2021 -- 10:34:19 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/7/2021 -- 10:34:19 - <Notice> - all 13 packet processing threads, 4 management threads initialized, engine started.
1/7/2021 -- 10:34:36 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
^C1/7/2021 -- 10:50:25 - <Notice> - Signal Received. Stopping engine.
1/7/2021 -- 10:50:25 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/7/2021 -- 10:51:26 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "RX#01-igb0". Killing engine
#
(1-1/2)