|
[1984] 11/11/2011 -- 13:26:23 - (detect-pcre.c:128) <Info> (DetectPcreRegister) -- Using PCRE match-limit setting of: 3500
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect-pcre.c:138) <Info> (DetectPcreRegister) -- Using PCRE match-limit-recursion setting of: 1500
|
|
[1984] 11/11/2011 -- 13:26:23 - (suricata.c:1429) <Info> (main) -- preallocated 50 packets. Total memory 154900
|
|
[1984] 11/11/2011 -- 13:26:23 - (flow.c:840) <Info> (FlowInitConfig) -- initializing flow engine...
|
|
[1984] 11/11/2011 -- 13:26:23 - (flow.c:932) <Info> (FlowInitConfig) -- allocated 524288 bytes of memory for the flow hash... 65536 buckets of size 8
|
|
[1984] 11/11/2011 -- 13:26:23 - (flow.c:952) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 132
|
|
[1984] 11/11/2011 -- 13:26:23 - (flow.c:954) <Info> (FlowInitConfig) -- flow memory usage: 1844288 bytes, maximum: 33554432
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/decoder-events.rules at line 2
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/decoder-events.rules at line 11
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/decoder-events.rules at line 77
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/decoder-events.rules at line 78
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/stream-events.rules at line 49
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
|
|
" from file c:/suricata/rules/stream-events.rules at line 50
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:631) <Info> (SigLoadSignatures) -- 2 rule files processed. 120 rules succesfully loaded, 6 rules failed
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:2431) <Info> (SigAddressPrepareStage1) -- 120 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 72 are decoder event only
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:2434) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:3076) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:3633) <Info> (SigAddressPrepareStage3) -- MPM memory 0 (dynamic 0, ctxs 0, avg per ctx 0)
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:3635) <Info> (SigAddressPrepareStage3) -- max sig id 120, array size 16
|
|
[1984] 11/11/2011 -- 13:26:23 - (detect.c:3646) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete
|
|
[1984] 11/11/2011 -- 13:26:23 - (util-threshold-config.c:135) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "threshold.config": No such file or directory
|
|
[1984] 11/11/2011 -- 13:26:23 - (alert-fastlog.c:366) <Info> (AlertFastLogInitCtx) -- Fast log output initialized, filename: fast.log
|
|
[1984] 11/11/2011 -- 13:26:23 - (alert-unified2-alert.c:1150) <Info> (Unified2AlertInitCtx) -- Unified2-alert initialized: filename unified2.alert, limit 32 MB
|
|
[1984] 11/11/2011 -- 13:26:23 - (log-httplog.c:448) <Info> (LogHttpLogInitCtx) -- HTTP log output initialized, filename: http.log
|
|
[1984] 11/11/2011 -- 13:26:23 - (log-pcap.c:480) <Info> (PcapLogInitCtx) -- Using log dir c:/suricata/log
|
|
[1984] 11/11/2011 -- 13:26:23 - (log-pcap.c:490) <Info> (PcapLogInitCtx) -- using normal logging
|
|
[1984] 11/11/2011 -- 13:26:23 - (log-droplog.c:176) <Info> (LogDropLogInitCtx) -- Drop log output initialized, filename: drop.log
|
|
[1984] 11/11/2011 -- 13:26:24 - (runmode-pcap.c:126) <Info> (ParsePcapConfig) -- Unable to find pcap config for interface \Device\NPF_{C752A41C-AC7A-4C4B-B297-472072684FE4}, using default value
|
|
[1164] 11/11/2011 -- 13:26:24 - (source-pcap.c:318) <Info> (ReceivePcapThreadInit) -- using interface \Device\NPF_{C752A41C-AC7A-4C4B-B297-472072684FE4}
|
|
[1164] 11/11/2011 -- 13:26:24 - (source-pcap.c:359) <Info> (ReceivePcapThreadInit) -- Going to use pcap buffer size of 0
|
|
[1984] 11/11/2011 -- 13:26:24 - (runmode-pcap.c:229) <Info> (RunModeIdsPcapAuto) -- RunModeIdsPcapAuto initialised
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:346) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:358) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:368) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:374) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:380) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:397) <Info> (StreamTcpInitConfig) -- stream "checksum_validation": enabled
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:407) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:426) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:449) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver_chunk_size": 2560
|
|
[1984] 11/11/2011 -- 13:26:24 - (stream-tcp.c:451) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient_chunk_size": 2560
|
|
[1984] 11/11/2011 -- 13:26:24 - (tm-threads.c:1806) <Info> (TmThreadWaitOnThreadInit) -- all 10 packet processing threads, 3 management threads initialized, engine started.
|
