Bug #7184

open

failed to parse addresses

Added by xc yang 3 months ago. Updated 3 months ago.

Status: New
Priority: High
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty: high
Label:

Description

In Suricata version 7.0.0, the rules regarding IP cannot be correctly resolved.

[31453] 30/7/2024 -- 15:01:56 - (suricata.c:1142) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (5280e0c 2023-12-12) running in USER mode
[31453] 30/7/2024 -- 15:01:56 - (util-cpu.c:178) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 32
[31453] 30/7/2024 -- 15:01:56 - (app-layer-htp.c:2520) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33090 and 'request-body-inspect-window' set to 4032 after randomization.
[31453] 30/7/2024 -- 15:01:56 - (app-layer-htp.c:2533) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 42734 and 'response-body-inspect-window' set to 16980 after randomization.
[31453] 30/7/2024 -- 15:01:56 - (app-layer-enip.c:480) <Config> (RegisterENIPUDPParsers) -- Protocol detection and parser disabled for enip protocol.
[31453] 30/7/2024 -- 15:01:56 - (app-layer-dnp3.c:1587) <Config> (RegisterDNP3Parsers) -- Protocol detection and parser disabled for DNP3.
[31453] 30/7/2024 -- 15:01:56 - (suricata.c:2653) <Info> (PostConfLoadedSetup) -- == Carrying out Engine Analysis ==
[31453] 30/7/2024 -- 15:01:56 - (host.c:263) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
[31453] 30/7/2024 -- 15:01:56 - (host.c:286) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136
[31453] 30/7/2024 -- 15:01:56 - (host.c:288) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432
[31453] 30/7/2024 -- 15:01:56 - (util-coredump-config.c:149) <Config> (CoredumpLoadConfig) -- Core dump size set to unlimited.
[31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:254) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
[31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:279) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 160
[31453] 30/7/2024 -- 15:01:56 - (defrag-hash.c:286) <Config> (DefragInitConfig) -- defrag memory usage: 14155616 bytes, maximum: 33554432
[31453] 30/7/2024 -- 15:01:57 - (flow.c:645) <Config> (FlowInitConfig) -- flow size 320, memcap allows for 100663296 flows. Per hash row in perfect conditions 15
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:391) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread)
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:410) <Config> (StreamTcpInitConfig) -- stream "memcap": 67108864
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:418) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:424) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:441) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": enabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:469) <Config> (StreamTcpInitConfig) -- stream."inline": disabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:482) <Config> (StreamTcpInitConfig) -- stream "bypass": enabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:504) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:526) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:544) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:619) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2622
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:621) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2558
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp.c:633) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled
[31453] 30/7/2024 -- 15:01:57 - (stream-tcp-reassemble.c:400) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048
%5|1722322917.139|CONFWARN|rdkafka#producer-1| [thrd:app]: No `bootstrap.servers` configured: client will not be able to connect to Kafka cluster
[31453] 30/7/2024 -- 15:01:57 - (runmodes.c:664) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert'
[31453] 30/7/2024 -- 15:01:57 - (util-logopenfile.c:598) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[31453] 30/7/2024 -- 15:01:57 - (suricata.c:2320) <Config> (SetupDelayedDetect) -- Delayed detect disabled
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2338) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: hs, SPM: hs
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2654) <Config> (DetectEngineCtxLoadConf) -- toclient-groups 65000
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2671) <Config> (DetectEngineCtxLoadConf) -- toserver-groups 65000
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2744) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2768) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060
[31453] 30/7/2024 -- 15:01:57 - (detect-engine.c:2796) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header_name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http2_header
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.init_spi
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.resp_spi
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.vendor
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.nonce_payload
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.nonce_payload
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.key_exchange_payload
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ike.key_exchange_payload
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.sni
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_issuer
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_subject
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_serial
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_fingerprint
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.certs
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.hash
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.string
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.hash
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.string
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_named_pipe
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_share
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.string
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.hassh.server.string
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_cname
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_sname
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.uri
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.stat_msg
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.request_line
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.response_line
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for rfb.name
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.clientid
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.username
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.password
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willtopic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.connect.willmessage
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.topic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.publish.message
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.subscribe.topic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for mqtt.unsubscribe.topic
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_sni
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_ua
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_version
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic_version
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic.cyu.hash
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:252) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for quic.cyu.string
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for icmpv4.hdr
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for tcp.hdr
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for udp.hdr
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for icmpv6.hdr
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv4.hdr
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:653) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv6.hdr
[31453] 30/7/2024 -- 15:01:57 - (reputation.c:609) <Config> (SRepInit) -- IP reputation disabled
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:309) <Info> (SetupFPAnalyzer) -- Engine-Analysis for fast_pattern printed to file - ./rules_fast_pattern.txt
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:357) <Info> (SetupRuleAnalyzer) -- Engine-Analysis for rules printed to file - ./rules_analysis.txt
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:251) <Config> (ProcessSigFiles) -- Loading rule file: test.rules
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-iponly.c:880) <Error> (IPOnlySigParseAddress) -- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse addresses
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:185) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip $HOME_NET any -> [192.9.135.73] any (msg:"ET CNC Feodo Tracker Reported CnC Server group 1"; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,feodotracker.abuse.ch; threshold: type limit, track by_src, seconds 3600, count 1; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; classtype:trojan-activity; sid:2404300; rev:7265; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Banking_Trojan, signature_severity Major, created_at 2014_11_04, updated_at 2024_07_26;)" from file test.rules at line 1
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:340) <Config> (SigLoadSignatures) -- No rules loaded from test.rules
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-loader.c:347) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded!
[31453] 30/7/2024 -- 15:01:57 - (util-threshold-config.c:254) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/data/sec/new_nids/etc/suricata//threshold.config": No such file or directory
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:710) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1473) <Info> (SigAddressPrepareStage1) -- 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1476) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- TCP toserver: 0 port groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- TCP toclient: 0 port groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- UDP toserver: 0 port groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1316) <Perf> (RulesGroupByPorts) -- UDP toclient: 0 port groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1064) <Perf> (RulesGroupByProto) -- OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1101) <Perf> (RulesGroupByProto) -- OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1840) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-mpm.c:1421) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 0
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-analyzer.c:417) <Info> (CleanupRuleAnalyzer) -- Engine-Analysis for rules printed to file - ./rules_analysis.txt
[31453] 30/7/2024 -- 15:01:57 - (host.c:303) <Perf> (HostPrintStats) -- host memory usage: 398144 bytes, maximum: 33554432
[31453] 30/7/2024 -- 15:01:57 - (detect-engine-build.c:1775) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete
[31453] 30/7/2024 -- 15:01:57 - (util-device.c:359) <Notice> (LiveDeviceListClean) -- Stats for '.':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0
[31453] 30/7/2024 -- 15:01:57 - (util-mpm-hs.c:1078) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch
[31453] 30/7/2024 -- 15:01:57 - (util-mpm-hs.c:1086) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache

Files

test.rules (567 Bytes) xc yang, 07/30/2024 07:07 AM
suricata.yaml (28.6 KB) xc yang, 07/30/2024 07:09 AM
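Added example, not Suricata's own parser and not from the reporter: a small checker for the address fields of a rule header, following the address grammar in the Suricata rule documentation (variables such as $HOME_NET, any, IP or CIDR, ! negation, comma-separated groups in square brackets, nesting). It is run on the header of the rule quoted in the error above (options shortened), which is the first thing to verify when triaging a "failed to parse addresses" error: under that grammar [192.9.135.73] is a well-formed single-member group, so the failure is not a syntax error in the rule text.

```python
import ipaddress
import re

# Header copied from the rule in the error log above; the options are
# shortened here, only the part before the first '(' matters to this check.
RULE = ('alert ip $HOME_NET any -> [192.9.135.73] any '
        '(msg:"ET CNC Feodo Tracker Reported CnC Server group 1"; sid:2404300; rev:7265;)')

VAR_RE = re.compile(r'\$[A-Za-z_][A-Za-z0-9_]*')


def tokenize_header(header):
    """Whitespace-split the header, keeping a [...] group (which may contain
    spaces after commas) together as a single token."""
    tokens, depth, cur = [], 0, []
    for ch in header:
        if ch == '[':
            depth += 1
        elif ch == ']':
            depth -= 1
        if ch.isspace() and depth == 0:
            if cur:
                tokens.append(''.join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append(''.join(cur))
    return tokens


def split_top_level(text):
    """Split on commas that are not inside a nested [...] group."""
    parts, depth, cur = [], 0, []
    for ch in text:
        if ch == '[':
            depth += 1
        elif ch == ']':
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ']' in address group")
        if ch == ',' and depth == 0:
            parts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if depth != 0:
        raise ValueError("unbalanced '[' in address group")
    parts.append(''.join(cur).strip())
    return parts


def parse_address_group(spec):
    """Flatten an address spec into [(negated, item), ...]; item is a variable
    name, 'any' or an ipaddress network. '!' before a group negates every
    member of that group; nested groups are flattened."""
    spec = spec.strip()
    negated = spec.startswith('!')
    if negated:
        spec = spec[1:].strip()
    if spec.startswith('['):
        if not spec.endswith(']'):
            raise ValueError(f"address group not closed: {spec!r}")
        inner = spec[1:-1].strip()
        if not inner:
            raise ValueError("empty address group []")
        return [(neg != negated, item)
                for member in split_top_level(inner)
                for neg, item in parse_address_group(member)]
    if spec == 'any':
        return [(negated, 'any')]
    if spec.startswith('$'):
        if not VAR_RE.fullmatch(spec):
            raise ValueError(f"bad variable name: {spec!r}")
        return [(negated, spec)]
    try:
        return [(negated, ipaddress.ip_network(spec, strict=False))]
    except ValueError:
        raise ValueError(f"bad address: {spec!r}") from None


def is_valid_address_group(spec):
    """True if spec parses under the grammar above, False otherwise."""
    try:
        parse_address_group(spec)
        return True
    except ValueError:
        return False


def parse_rule_header(rule):
    """Parse 'action proto src sport dir dst dport' and validate both address
    fields; raises ValueError when the header itself is malformed."""
    header = rule.split('(', 1)[0]
    tokens = tokenize_header(header)
    if len(tokens) != 7 or tokens[4] not in ('->', '<>'):
        raise ValueError(f"malformed rule header: {header.strip()!r}")
    action, proto, src, sport, direction, dst, dport = tokens
    return {'action': action, 'proto': proto, 'direction': direction,
            'src': parse_address_group(src), 'src_port': sport,
            'dst': parse_address_group(dst), 'dst_port': dport}
```

Calling parse_rule_header(RULE) yields a single non-negated 192.9.135.73/32 for the destination and the unresolved variable $HOME_NET for the source; the checker deliberately does not expand variables, since that depends on the attached suricata.yaml.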