Hello,
I looked at the Suricata-IDS logs and they are:
# cat suricata.log
9/8/2020 -- 16:40:43 - <Notice> - Signal Received. Stopping engine.
9/8/2020 -- 16:40:43 - <Info> - time elapsed 79.230s
9/8/2020 -- 16:40:43 - <Info> - Alerts: 7
9/8/2020 -- 16:40:44 - <Info> - cleaning up signature grouping structure... complete
9/8/2020 -- 16:40:44 - <Notice> - Stats for 'ens192': pkts: 1787, drop: 0 (0.00%), invalid chksum: 0
9/8/2020 -- 16:40:44 - <Notice> - This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
9/8/2020 -- 16:40:44 - <Info> - CPUs/cores online: 4
9/8/2020 -- 16:40:44 - <Info> - Found an MTU of 1500 for 'ens192'
9/8/2020 -- 16:40:44 - <Info> - Found an MTU of 1500 for 'ens192'
9/8/2020 -- 16:40:44 - <Info> - dropped the caps for main thread
9/8/2020 -- 16:40:44 - <Info> - fast output device (regular) initialized: fast.log
9/8/2020 -- 16:40:44 - <Info> - eve-log output device (regular) initialized: eve.json
9/8/2020 -- 16:40:44 - <Info> - stats output device (regular) initialized: stats.log
9/8/2020 -- 16:40:44 - <Info> - Running in live mode, activating unix socket
9/8/2020 -- 16:40:45 - <Info> - 1 rule files processed. 20776 rules successfully loaded, 0 rules failed
9/8/2020 -- 16:40:45 - <Info> - Threshold config parsed: 0 rule(s) found
9/8/2020 -- 16:40:45 - <Info> - 20779 signatures processed. 1153 are IP-only rules, 3989 are inspecting packet payload, 15408 inspect application layer, 103 are decoder event only
9/8/2020 -- 16:40:50 - <Info> - Going to use 4 thread(s)
9/8/2020 -- 16:40:50 - <Info> - Running in live mode, activating unix socket
9/8/2020 -- 16:40:50 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
9/8/2020 -- 16:40:50 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
9/8/2020 -- 16:40:50 - <Info> - All AFP capture threads are running.
And:
# tail fast.log
08/21/2020-14:40:17.905636 [**] [1:2402000:5630] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 94.102.49.114:51916 -> 172.2.1.63:44330
08/21/2020-14:40:17.905636 [**] [1:2403390:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 91 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 94.102.49.114:51916 -> 172.2.1.63:44330
08/21/2020-14:40:47.637411 [**] [1:2008578:4] ET SCAN Sipvicious Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 69.10.35.48:5090 -> 172.2.1.63:5060
08/21/2020-14:40:47.637411 [**] [1:2403367:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 68 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 69.10.35.48:5090 -> 172.2.1.63:5060
08/21/2020-14:43:41.959509 [**] [1:2402000:5630] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 195.54.160.21:42875 -> 172.2.1.63:80
08/21/2020-14:44:41.327754 [**] [1:2403329:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 30 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 46.101.146.208:54768 -> 172.2.1.63:8443
08/21/2020-14:44:56.024233 [**] [1:2403380:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 81 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 85.234.145.20:54782 -> 172.2.1.63:20526
08/21/2020-14:45:20.823336 [**] [1:2403384:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 85 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 89.248.172.85:45105 -> 172.2.1.63:3915
08/21/2020-14:50:51.230281 [**] [1:2403338:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 39 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 51.178.78.153:52179 -> 172.2.1.63:9200
08/21/2020-14:50:51.230281 [**] [1:2525013:16] ET 3CORESec Poor Reputation IP group 14 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 51.178.78.153:52179 -> 172.2.1.63:9200
Are there any tools I can import the Suricata-IDS logs into that will analyze them for me?
Thank you.
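Added example, not part of the original post and not Suricata project code: a short Python script that parses the fast.log format quoted above and aggregates the alerts the way a first triage pass would (top signatures, top source IPs, top destination ports, classification breakdown, and sources that touched more than one port). The sample input is the ten fast.log records from the post plus two constructed lines, one without a Classification field (Suricata omits it for rules that have no classtype) and one deliberately truncated, so the parser's handling of both cases is visible. All function names are my own.

```python
"""Summarize Suricata fast.log alerts by signature, source IP, destination port and classification."""
import re
from collections import Counter
from datetime import datetime

# One fast.log record per line; the Classification field is optional. The address groups
# are greedy, so the last ':' before the arrow is taken as the port separator, which keeps
# unbracketed IPv6 addresses (as Suricata prints them) intact.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)


def parse_line(line):
    """Return a dict for one fast.log line, or None if the line does not match the format."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"],
        "classification": m["classification"],  # None when the field is absent
        "priority": int(m["priority"]),
        "proto": m["proto"],
        "src_ip": m["src"], "src_port": int(m["sport"]),
        "dst_ip": m["dst"], "dst_port": int(m["dport"]),
    }


def parse_fast_log(lines):
    """Parse an iterable of lines; returns (records, number_of_unparsable_lines)."""
    records, bad = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            bad += 1  # count rather than crash: a rotated or truncated file has partial lines
        else:
            records.append(rec)
    return records, bad


def summarize(records, top=5):
    """Aggregate parsed alerts into the counts an analyst looks at first."""
    sigs = Counter((r["sid"], r["msg"]) for r in records)
    srcs = Counter(r["src_ip"] for r in records)
    dports = Counter((r["proto"], r["dst_port"]) for r in records)
    classes = Counter(r["classification"] or "(none)" for r in records)
    # Sources that hit more than one destination port are candidate scanners.
    ports_by_src = {}
    for r in records:
        ports_by_src.setdefault(r["src_ip"], set()).add(r["dst_port"])
    multi_port = sorted(ip for ip, ports in ports_by_src.items() if len(ports) > 1)
    return {
        "total_alerts": len(records),
        "first_seen": min(r["ts"] for r in records) if records else None,
        "last_seen": max(r["ts"] for r in records) if records else None,
        "unique_sources": len(srcs),
        "top_signatures": sigs.most_common(top),
        "top_sources": srcs.most_common(top),
        "top_dst_ports": dports.most_common(top),
        "by_classification": dict(classes),
        "multi_port_sources": multi_port,
    }


# Ten records copied from the fast.log excerpt in the post, plus two constructed lines:
# one with no Classification field, and one truncated record that must not match.
SAMPLE_FAST_LOG = """
08/21/2020-14:40:17.905636 [**] [1:2402000:5630] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 94.102.49.114:51916 -> 172.2.1.63:44330
08/21/2020-14:40:17.905636 [**] [1:2403390:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 91 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 94.102.49.114:51916 -> 172.2.1.63:44330
08/21/2020-14:40:47.637411 [**] [1:2008578:4] ET SCAN Sipvicious Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 69.10.35.48:5090 -> 172.2.1.63:5060
08/21/2020-14:40:47.637411 [**] [1:2403367:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 68 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 69.10.35.48:5090 -> 172.2.1.63:5060
08/21/2020-14:43:41.959509 [**] [1:2402000:5630] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 195.54.160.21:42875 -> 172.2.1.63:80
08/21/2020-14:44:41.327754 [**] [1:2403329:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 30 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 46.101.146.208:54768 -> 172.2.1.63:8443
08/21/2020-14:44:56.024233 [**] [1:2403380:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 81 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 85.234.145.20:54782 -> 172.2.1.63:20526
08/21/2020-14:45:20.823336 [**] [1:2403384:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 85 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 89.248.172.85:45105 -> 172.2.1.63:3915
08/21/2020-14:50:51.230281 [**] [1:2403338:59287] ET CINS Active Threat Intelligence Poor Reputation IP group 39 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 51.178.78.153:52179 -> 172.2.1.63:9200
08/21/2020-14:50:51.230281 [**] [1:2525013:16] ET 3CORESec Poor Reputation IP group 14 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 51.178.78.153:52179 -> 172.2.1.63:9200
08/21/2020-14:52:00.000000 [**] [1:1000001:1] LOCAL constructed alert without classtype [**] [Priority: 3] {ICMP} 10.0.0.1:0 -> 10.0.0.2:0
08/21/2020-14:53:00.000000 [**] [1:9999999:1] constructed truncated record [**]
"""

if __name__ == "__main__":
    recs, unparsed = parse_fast_log(SAMPLE_FAST_LOG.splitlines())
    report = summarize(recs)
    print(f"{report['total_alerts']} alerts parsed, {unparsed} line(s) skipped")
    for key in ("top_signatures", "top_sources", "top_dst_ports", "by_classification", "multi_port_sources"):
        print(f"{key}: {report[key]}")
```

To run it over a real file, replace `SAMPLE_FAST_LOG.splitlines()` with an open file handle. fast.log is the one-line-per-alert summary; the startup log above shows eve.json is also enabled, and that file is newline-delimited JSON, which is the format dashboards and SIEM ingestion normally expect and which carries the fields fast.log leaves out (flow IDs, app-layer metadata, payloads if configured).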