Suricata version 7.0.0-dev (3a490fb16 2022-03-04)
Linux version 5.11.0-49-generic (buildd@lcy02-amd64-054) (gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0, GNU ld (GNU Binutils for Ubuntu) 2.36.1) #55-Ubuntu SMP Wed Jan 12 17:36:34 UTC 2022
/usr/bin/suricata -v -c /etc/suricata/suricata.yaml -r /opt/nids/test/ --pcap-file-recursive -l /var/log/suricata/ 2>/dev/null
{
“timestamp”: “2022-03-22T08:59:08.174415+0000”,
“flow_id”: 1155331436357967,
“pcap_cnt”: 54854,
“event_type”: “alert”,
“src_ip”: “10.0.0.104”,
“src_port”: 57621,
“dest_ip”: “10.0.0.255”,
“dest_port”: 57621,
“proto”: “UDP”,
“ether”: {
“src_mac”: “XX:XX:XX:4d:b2:4d”,
“dest_mac”: “ff:ff:ff:ff:ff:ff”
},
“community_id”: “1:4nybWSscJYddpIgTcsmSA0dz7v4=”,
“alert”: {
“action”: “allowed”,
“gid”: 1,
“signature_id”: 2027397,
“rev”: 1,
“signature”: “ET POLICY Spotify P2P Client”,
“category”: “Not Suspicious Traffic”,
“severity”: 3,
“metadata”: {
“affected_product”: [
“Windows_Client_Apps”
],
“attack_target”: [
“Client_Endpoint”
],
“created_at”: [
“2019_05_30”
],
“deployment”: [
“Internal”
],
“performance_impact”: [
“Low”
],
“signature_severity”: [
“Minor”
],
“updated_at”: [
“2019_05_30”
]
}
},
“app_proto”: “failed”,
“flow”: {
“pkts_toserver”: 1,
“pkts_toclient”: 0,
“bytes_toserver”: 86,
“bytes_toclient”: 0,
“start”: “2022-03-22T08:59:08.174415+0000”
},
“payload”: “hidden”,
“payload_printable”: “hidden”,
“stream”: 0,
“packet”: “hidden”,
“packet_info”: {
“linktype”: 1
},
“pcap_filename”: “/test//20220322090615350400-XX:XX:XX:XX:83:12-0e8816425288d9684f038bc55c3c03XX.pcap”
}
{
“timestamp”: “2022-03-22T09:04:08.198805+0000”,
“flow_id”: 1155331436357967,
“pcap_cnt”: 118976,
“event_type”: “alert”,
“src_ip”: “10.0.0.104”,
“src_port”: 57621,
“dest_ip”: “10.0.0.255”,
“dest_port”: 57621,
“proto”: “UDP”,
“ether”: {
“src_mac”: “XX:XX:XX:4d:b2:4d”,
“dest_mac”: “ff:ff:ff:ff:ff:ff”
},
“community_id”: “1:4nybWSscJYddpIgTcsmSA0dz7v4=”,
“alert”: {
“action”: “allowed”,
“gid”: 1,
“signature_id”: 2027397,
“rev”: 1,
“signature”: “ET POLICY Spotify P2P Client”,
“category”: “Not Suspicious Traffic”,
“severity”: 3,
“metadata”: {
“affected_product”: [
“Windows_Client_Apps”
],
“attack_target”: [
“Client_Endpoint”
],
“created_at”: [
“2019_05_30”
],
“deployment”: [
“Internal”
],
“performance_impact”: [
“Low”
],
“signature_severity”: [
“Minor”
],
“updated_at”: [
“2019_05_30”
]
}
},
“app_proto”: “failed”,
“flow”: {
“pkts_toserver”: 11,
“pkts_toclient”: 0,
“bytes_toserver”: 946,
“bytes_toclient”: 0,
“start”: “2022-03-22T08:59:08.174415+0000”
},
“payload”: “hidden”,
“payload_printable”: “hidden”,
“stream”: 0,
“packet”: “hidden”,
“packet_info”: {
“linktype”: 1
},
“pcap_filename”: “/test//20220322090914541400-XX:XX:XX:XX:2b:92-40b8c45e48e3fee6df38d2482ac16dXX.pcap”
}
{
“timestamp”: “2022-03-22T09:09:08.224668+0000”,
“flow_id”: 1155331457946243,
“pcap_cnt”: 120400,
“event_type”: “alert”,
“src_ip”: “10.0.0.104”,
“src_port”: 57621,
“dest_ip”: “10.0.0.255”,
“dest_port”: 57621,
“proto”: “UDP”,
“ether”: {
“src_mac”: “XX:XX:XX:4d:b2:4d”,
“dest_mac”: “ff:ff:ff:ff:ff:ff”
},
“community_id”: “1:4nybWSscJYddpIgTcsmSA0dz7v4=”,
“alert”: {
“action”: “allowed”,
“gid”: 1,
“signature_id”: 2027397,
“rev”: 1,
“signature”: “ET POLICY Spotify P2P Client”,
“category”: “Not Suspicious Traffic”,
“severity”: 3,
“metadata”: {
“affected_product”: [
“Windows_Client_Apps”
],
“attack_target”: [
“Client_Endpoint”
],
“created_at”: [
“2019_05_30”
],
“deployment”: [
“Internal”
],
“performance_impact”: [
“Low”
],
“signature_severity”: [
“Minor”
],
“updated_at”: [
“2019_05_30”
]
}
},
“app_proto”: “failed”,
“flow”: {
“pkts_toserver”: 10,
“pkts_toclient”: 0,
“bytes_toserver”: 860,
“bytes_toclient”: 0,
“start”: “2022-03-22T09:04:38.201347+0000”
},
“payload”: “hidden”,
“payload_printable”: “hidden”,
“stream”: 0,
“packet”: “hidden”,
“packet_info”: {
“linktype”: 1
},
“pcap_filename”: “/test//20220322090950822200-XX:XX:XX:XX:c1:c2-c550d07ceda9c9adfe0473975ab638XX.pcap”
}