19/1/2022 -- 15:10:15 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:10:15 - - CPUs/cores online: 8
19/1/2022 -- 15:10:15 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:10:15 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:10:15 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:10:15 - - Shortening device name to: \Dev..472}
19/1/2022 -- 15:10:15 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:10:15 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:10:15 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:10:16 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed
19/1/2022 -- 15:10:16 - - Threshold config parsed: 0 rule(s) found
19/1/2022 -- 15:10:16 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only
19/1/2022 -- 15:10:26 - - Using 1 live device(s).
19/1/2022 -- 15:10:26 - - using interface \Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}
19/1/2022 -- 15:10:26 - - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
19/1/2022 -- 15:10:26 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:10:26 - - Set snaplen to 1524 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:10:26 - - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on \Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}: Checksum IPv4 Rx: 1 Tx: 1 IPv6 Rx: 1 Tx: 1 LSOv1 IPv4: 0 LSOv2 IPv4: 1 IPv6: 1
19/1/2022 -- 15:10:26 - - RunModeIdsPcapAutoFp initialised
19/1/2022 -- 15:10:26 - - all 9 packet processing threads, 4 management threads initialized, engine started.

19/1/2022 -- 15:14:36 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:14:36 - - CPUs/cores online: 8
19/1/2022 -- 15:14:36 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:14:36 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:14:36 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:14:36 - - Shortening device name to: \Dev..472}
19/1/2022 -- 15:14:36 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:14:36 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:14:36 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:14:37 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed
19/1/2022 -- 15:14:37 - - Threshold config parsed: 0 rule(s) found
19/1/2022 -- 15:14:37 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only
19/1/2022 -- 15:14:46 - - Using 1 live device(s).
19/1/2022 -- 15:14:46 - - using interface \Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}
19/1/2022 -- 15:14:46 - - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
19/1/2022 -- 15:14:46 - - Found an MTU of 1500 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:14:46 - - Set snaplen to 1524 for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}'
19/1/2022 -- 15:14:46 - - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on \Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}: Checksum IPv4 Rx: 1 Tx: 1 IPv6 Rx: 1 Tx: 1 LSOv1 IPv4: 0 LSOv2 IPv4: 1 IPv6: 1
19/1/2022 -- 15:14:47 - - RunModeIdsPcapAutoFp initialised
19/1/2022 -- 15:14:47 - - all 9 packet processing threads, 4 management threads initialized, engine started.
19/1/2022 -- 15:16:14 - - Signal Received. Stopping engine.
19/1/2022 -- 15:16:14 - - time elapsed 87.752s
19/1/2022 -- 15:16:14 - - (RX#01-\Dev..472) Packets 314, bytes 59752
19/1/2022 -- 15:16:14 - - (RX#01-\Dev..472) Pcap Total:317 Recv:317 Drop:0 (0.0%).
19/1/2022 -- 15:16:14 - - Alerts: 0
19/1/2022 -- 15:16:15 - - cleaning up signature grouping structure... complete
19/1/2022 -- 15:16:15 - - Stats for '\Device\NPF_{750ADE9E-7210-46A9-B4F0-60571C5BB472}': pkts: 314, drop: 0 (0.00%), invalid chksum: 98

19/1/2022 -- 15:16:22 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:16:22 - - CPUs/cores online: 8
19/1/2022 -- 15:16:22 - - 'default' server has 'request-body-minimal-inspect-size' set to 31390 and 'request-body-inspect-window' set to 3910 after randomization.
19/1/2022 -- 15:16:22 - - 'default' server has 'response-body-minimal-inspect-size' set to 42534 and 'response-body-inspect-window' set to 16804 after randomization.
19/1/2022 -- 15:16:22 - - SMB stream depth: 0
19/1/2022 -- 15:16:22 - - Protocol detection and parser disabled for modbus protocol.
19/1/2022 -- 15:16:22 - - Protocol detection and parser disabled for enip protocol.
19/1/2022 -- 15:16:22 - - Protocol detection and parser disabled for DNP3.
19/1/2022 -- 15:16:22 - - Found a global MTU of 1500
19/1/2022 -- 15:16:22 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/1/2022 -- 15:16:22 - - preallocated 1000 hosts of size 104
19/1/2022 -- 15:16:22 - - host memory usage: 366144 bytes, maximum: 33554432
19/1/2022 -- 15:16:22 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:16:22 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
19/1/2022 -- 15:16:22 - - preallocated 65535 defrag trackers of size 120
19/1/2022 -- 15:16:22 - - defrag memory usage: 9437064 bytes, maximum: 33554432
19/1/2022 -- 15:16:23 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7
19/1/2022 -- 15:16:23 - - stream "prealloc-sessions": 2048 (per thread)
19/1/2022 -- 15:16:23 - - stream "memcap": 67108864
19/1/2022 -- 15:16:23 - - stream "midstream" session pickups: disabled
19/1/2022 -- 15:16:23 - - stream "async-oneside": disabled
19/1/2022 -- 15:16:23 - - stream "checksum-validation": disabled
19/1/2022 -- 15:16:23 - - stream."inline": disabled
19/1/2022 -- 15:16:23 - - stream "bypass": disabled
19/1/2022 -- 15:16:23 - - stream "max-synack-queued": 5
19/1/2022 -- 15:16:23 - - stream.reassembly "memcap": 268435456
19/1/2022 -- 15:16:23 - - stream.reassembly "depth": 1048576
19/1/2022 -- 15:16:23 - - stream.reassembly "toserver-chunk-size": 2666
19/1/2022 -- 15:16:23 - - stream.reassembly "toclient-chunk-size": 2477
19/1/2022 -- 15:16:23 - - stream.reassembly.raw: enabled
19/1/2022 -- 15:16:23 - - stream.reassembly "segment-prealloc": 2048
19/1/2022 -- 15:16:23 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:16:23 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'alert'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'anomaly'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'http'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'dns'
19/1/2022 -- 15:16:23 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:16:23 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'tls'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'files'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'smtp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'ftp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'rdp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'nfs'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'smb'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'tftp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'ikev2'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'dcerpc'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'krb5'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'snmp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'rfb'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'sip'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'dhcp'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'ssh'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'mqtt'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'stats'
19/1/2022 -- 15:16:23 - - enabling 'eve-log' module 'flow'
19/1/2022 -- 15:16:23 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:16:23 - - Delayed detect disabled
19/1/2022 -- 15:16:23 - - pattern matchers: MPM: ac, SPM: bm
19/1/2022 -- 15:16:23 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/1/2022 -- 15:16:23 - - grouping: udp-whitelist (default) 53, 135, 5060
19/1/2022 -- 15:16:23 - - prefilter engines: MPM
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_request_line
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_client_body
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_response_line
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:16:23 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_host
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_stat_msg
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http2_header
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for http2_header
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for dns_query
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for dnp3_data
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for dnp3_data
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for tls.sni
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for tls.cert_issuer
19/1/2022 -- 15:16:24 - - using shared mpm ctx' for tls.cert_subject
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for tls.cert_serial
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for tls.cert_fingerprint
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for tls.certs
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ja3.hash
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ja3.string
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ja3s.hash
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ja3s.string
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for smb_named_pipe
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for smb_share
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.proto
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.proto
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh_software
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh_software
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.hassh
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.hassh.server
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.hassh.string
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for ssh.hassh.server.string
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for krb5_cname
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for krb5_sname
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.uri
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.stat_msg
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.request_line
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for sip.response_line
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for rfb.name
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.connect.clientid
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.connect.username
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.connect.password
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.connect.willtopic
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.connect.willmessage
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.publish.topic
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.publish.message
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.subscribe.topic
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for mqtt.unsubscribe.topic
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for icmpv4.hdr
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for tcp.hdr
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for udp.hdr
19/1/2022 -- 15:16:25 - - using shared mpm ctx' for icmpv6.hdr
19/1/2022 -- 15:16:26 - - using shared mpm ctx' for ipv4.hdr
19/1/2022 -- 15:16:26 - - using shared mpm ctx' for ipv6.hdr
19/1/2022 -- 15:16:26 - - IP reputation disabled
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\botcc.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules
19/1/2022 -- 15:16:26 - - No rules loaded from botcc.portgrouped.rules.
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\ciarmy.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\compromised.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\drop.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\dshield.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-games.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules
19/1/2022 -- 15:16:26 - - No rules loaded from emerging-icmp.rules.
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-info.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules
19/1/2022 -- 15:16:26 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-web_server.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules
19/1/2022 -- 15:16:27 - - Loading rule file: C:\Suricata\rules\tor.rules
19/1/2022 -- 15:16:27 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed
19/1/2022 -- 15:16:27 - - Threshold config parsed: 0 rule(s) found
19/1/2022 -- 15:16:27 - - using shared mpm ctx' for tcp-packet
19/1/2022 -- 15:16:27 - - using shared mpm ctx' for tcp-stream
19/1/2022 -- 15:16:27 - - using shared mpm ctx' for udp-packet
19/1/2022 -- 15:16:27 - - using shared mpm ctx' for other-ip
19/1/2022 -- 15:16:27 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only
19/1/2022 -- 15:16:27 - - building signature grouping structure, stage 1: preprocessing rules... complete
19/1/2022 -- 15:16:27 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies
19/1/2022 -- 15:16:27 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
19/1/2022 -- 15:16:27 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies
19/1/2022 -- 15:16:27 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
19/1/2022 -- 15:16:27 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
19/1/2022 -- 15:16:27 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/1/2022 -- 15:16:36 - - Unique rule groups: 118
19/1/2022 -- 15:16:36 - - Builtin MPM "toserver TCP packet": 26
19/1/2022 -- 15:16:36 - - Builtin MPM "toclient TCP packet": 20
19/1/2022 -- 15:16:36 - - Builtin MPM "toserver TCP stream": 30
19/1/2022 -- 15:16:36 - - Builtin MPM "toclient TCP stream": 21
19/1/2022 -- 15:16:36 - - Builtin MPM "toserver UDP packet": 38
19/1/2022 -- 15:16:36 - - Builtin MPM "toclient UDP packet": 16
19/1/2022 -- 15:16:36 - - Builtin MPM "other IP packet": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_uri (http)": 8
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_uri (http2)": 8
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_raw_uri (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_raw_uri (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_request_line (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_client_body (http)": 5
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_response_line (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_header (http)": 8
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_header (http)": 8
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_header_names (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_header_names (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept_enc (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept_enc (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept_lang (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_accept_lang (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_referer (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_referer (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_content_len (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_content_len (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_content_len (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_content_len (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_content_type (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_content_type (http2)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_content_type (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_content_type (http2)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_protocol (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_protocol (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_start (http)": 4
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_start (http)": 4
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_raw_header (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_raw_header (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_method (http)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_method (http2)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_cookie (http)": 3
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_cookie (http)": 3
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_cookie (http2)": 3
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_cookie (http2)": 3
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_user_agent (http)": 6
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_user_agent (http2)": 6
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_host (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_raw_host (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver http_raw_host (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_stat_code (http)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient http_stat_code (http2)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver dns_query (dns)": 4
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver tls.sni (tls)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
19/1/2022 -- 15:16:36 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
19/1/2022 -- 15:16:37 - - AppLayer MPM "toserver file_data (smtp)": 7
19/1/2022 -- 15:16:37 - - AppLayer MPM "toclient file_data (http)": 7
19/1/2022 -- 15:16:37 - - AppLayer MPM "toserver file_data (smb)": 7
19/1/2022 -- 15:16:37 - - AppLayer MPM "toclient file_data (smb)": 7
19/1/2022 -- 15:16:37 - - AppLayer MPM "toserver file_data (http2)": 7
19/1/2022 -- 15:16:37 - - AppLayer MPM "toclient file_data (http2)": 7
19/1/2022 -- 15:16:37 - - AutoFP mode using "Hash" flow load balancer
19/1/2022 -- 15:16:37 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 5 (0x00000005): Accès refusé. Suricata must be run with Administrator privileges.
19/1/2022 -- 15:16:37 - - using 1 flow manager threads
19/1/2022 -- 15:16:37 - - using 1 flow recycler threads
19/1/2022 -- 15:16:38 - - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX-1" failed to initialize: flags 0145
19/1/2022 -- 15:16:38 - - [ERRCODE: SC_ERR_FATAL(171)] - Engine initialization failed, aborting...

19/1/2022 -- 15:18:18 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:18:18 - - CPUs/cores online: 8
19/1/2022 -- 15:18:18 - - 'default' server has 'request-body-minimal-inspect-size' set to 31413 and 'request-body-inspect-window' set to 4094 after randomization.
19/1/2022 -- 15:18:18 - - 'default' server has 'response-body-minimal-inspect-size' set to 40674 and 'response-body-inspect-window' set to 16175 after randomization.
19/1/2022 -- 15:18:18 - - SMB stream depth: 0
19/1/2022 -- 15:18:18 - - Protocol detection and parser disabled for modbus protocol.
19/1/2022 -- 15:18:18 - - Protocol detection and parser disabled for enip protocol.
19/1/2022 -- 15:18:18 - - Protocol detection and parser disabled for DNP3.
19/1/2022 -- 15:18:18 - - Found a global MTU of 1500
19/1/2022 -- 15:18:19 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/1/2022 -- 15:18:19 - - preallocated 1000 hosts of size 104
19/1/2022 -- 15:18:19 - - host memory usage: 366144 bytes, maximum: 33554432
19/1/2022 -- 15:18:19 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:18:19 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
19/1/2022 -- 15:18:19 - - preallocated 65535 defrag trackers of size 120
19/1/2022 -- 15:18:19 - - defrag memory usage: 9437064 bytes, maximum: 33554432
19/1/2022 -- 15:18:19 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7
19/1/2022 -- 15:18:19 - - stream "prealloc-sessions": 2048 (per thread)
19/1/2022 -- 15:18:19 - - stream "memcap": 67108864
19/1/2022 -- 15:18:19 - - stream "midstream" session pickups: disabled
19/1/2022 -- 15:18:19 - - stream "async-oneside": disabled
19/1/2022 -- 15:18:19 - - stream "checksum-validation": disabled
19/1/2022 -- 15:18:19 - - stream."inline": disabled
19/1/2022 -- 15:18:19 - - stream "bypass": disabled
19/1/2022 -- 15:18:19 - - stream "max-synack-queued": 5
19/1/2022 -- 15:18:19 - - stream.reassembly "memcap": 268435456
19/1/2022 -- 15:18:19 - - stream.reassembly "depth": 1048576
19/1/2022 -- 15:18:19 - - stream.reassembly "toserver-chunk-size": 2472
19/1/2022 -- 15:18:19 - - stream.reassembly "toclient-chunk-size": 2682
19/1/2022 -- 15:18:19 - - stream.reassembly.raw: enabled
19/1/2022 -- 15:18:19 - - stream.reassembly "segment-prealloc": 2048
19/1/2022 -- 15:18:19 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:18:19 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'alert'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'anomaly'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'http'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'dns'
19/1/2022 -- 15:18:19 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:18:19 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'tls'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'files'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'smtp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'ftp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'rdp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'nfs'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'smb'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'tftp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'ikev2'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'dcerpc'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'krb5'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'snmp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'rfb'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'sip'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'dhcp'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'ssh'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'mqtt'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'stats'
19/1/2022 -- 15:18:19 - - enabling 'eve-log' module 'flow'
19/1/2022 -- 15:18:19 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:18:19 - - Delayed detect disabled
19/1/2022 -- 15:18:19 - - pattern matchers: MPM: ac, SPM: bm
19/1/2022 -- 15:18:19 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/1/2022 -- 15:18:19 - - grouping: udp-whitelist (default) 53, 135, 5060
19/1/2022 -- 15:18:19 - - prefilter engines: MPM
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_request_line
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_client_body
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_response_line
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_host
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_stat_msg
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:18:19 - - using shared mpm ctx' for
http2_header 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dns_query 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.sni 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.cert_issuer 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.cert_subject 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.cert_serial 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.cert_fingerprint 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tls.certs 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ja3.hash 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ja3.string 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ja3s.hash 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ja3s.string 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for smb_named_pipe 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for smb_share 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.hassh 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.hassh.server 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.hassh.string 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for ssh.hassh.server.string 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared 
mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for krb5_cname 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for krb5_sname 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.uri 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.stat_msg 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.request_line 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for sip.response_line 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for rfb.name 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.connect.clientid 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.connect.username 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.connect.password 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.connect.willtopic 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.connect.willmessage 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.publish.topic 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.publish.message 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.subscribe.topic 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for mqtt.unsubscribe.topic 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for icmpv4.hdr 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for tcp.hdr 19/1/2022 -- 15:18:19 - - using shared mpm ctx' for udp.hdr 19/1/2022 -- 15:18:20 - - using shared mpm ctx' for icmpv6.hdr 19/1/2022 -- 15:18:20 - - using 
shared mpm ctx' for ipv4.hdr 19/1/2022 -- 15:18:20 - - using shared mpm ctx' for ipv6.hdr 19/1/2022 -- 15:18:20 - - IP reputation disabled 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\botcc.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules 19/1/2022 -- 15:18:20 - - No rules loaded from botcc.portgrouped.rules. 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\ciarmy.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\compromised.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\drop.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\dshield.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-games.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules 19/1/2022 -- 15:18:20 - - No rules loaded from emerging-icmp.rules. 
19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-info.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules 19/1/2022 -- 15:18:20 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules 19/1/2022 -- 15:18:21 - - Loading rule 
file: C:\Suricata\rules\emerging-web_server.rules 19/1/2022 -- 15:18:21 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules 19/1/2022 -- 15:18:21 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules 19/1/2022 -- 15:18:21 - - Loading rule file: C:\Suricata\rules\tor.rules 19/1/2022 -- 15:18:21 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed 19/1/2022 -- 15:18:21 - - Threshold config parsed: 0 rule(s) found 19/1/2022 -- 15:18:21 - - using shared mpm ctx' for tcp-packet 19/1/2022 -- 15:18:21 - - using shared mpm ctx' for tcp-stream 19/1/2022 -- 15:18:21 - - using shared mpm ctx' for udp-packet 19/1/2022 -- 15:18:21 - - using shared mpm ctx' for other-ip 19/1/2022 -- 15:18:21 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only 19/1/2022 -- 15:18:21 - - building signature grouping structure, stage 1: preprocessing rules... complete 19/1/2022 -- 15:18:21 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies 19/1/2022 -- 15:18:21 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies 19/1/2022 -- 15:18:21 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies 19/1/2022 -- 15:18:21 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies 19/1/2022 -- 15:18:21 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies 19/1/2022 -- 15:18:21 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies 19/1/2022 -- 15:18:30 - - Unique rule groups: 118 19/1/2022 -- 15:18:30 - - Builtin MPM "toserver TCP packet": 26 19/1/2022 -- 15:18:30 - - Builtin MPM "toclient TCP packet": 20 19/1/2022 -- 15:18:30 - - Builtin MPM "toserver TCP stream": 30 19/1/2022 -- 15:18:30 - - Builtin MPM "toclient TCP stream": 21 19/1/2022 -- 15:18:30 - - Builtin MPM "toserver UDP packet": 38 19/1/2022 -- 15:18:30 - - Builtin MPM "toclient UDP packet": 16 19/1/2022 -- 15:18:30 - - Builtin MPM "other IP packet": 2 
19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_uri (http)": 8 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_uri (http2)": 8 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_raw_uri (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_raw_uri (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_request_line (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_client_body (http)": 5 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_response_line (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_header (http)": 8 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_header (http)": 8 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_header_names (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_header_names (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept_enc (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept_enc (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept_lang (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_accept_lang (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_referer (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_referer (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_content_len (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_content_len (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_content_len (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_content_len (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_content_type (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_content_type (http2)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_content_type (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer 
MPM "toclient http_content_type (http2)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_protocol (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_protocol (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_start (http)": 4 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_start (http)": 4 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_raw_header (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_raw_header (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_method (http)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_method (http2)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_cookie (http)": 3 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_cookie (http)": 3 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_cookie (http2)": 3 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_cookie (http2)": 3 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_user_agent (http)": 6 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_user_agent (http2)": 6 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_host (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_raw_host (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver http_raw_host (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_stat_code (http)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient http_stat_code (http2)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver dns_query (dns)": 4 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver tls.sni (tls)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver ssh.proto (ssh)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient ssh.proto (ssh)": 1 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver 
file_data (smtp)": 7 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient file_data (http)": 7 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver file_data (smb)": 7 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient file_data (smb)": 7 19/1/2022 -- 15:18:30 - - AppLayer MPM "toserver file_data (http2)": 7 19/1/2022 -- 15:18:30 - - AppLayer MPM "toclient file_data (http2)": 7 19/1/2022 -- 15:18:31 - - AutoFP mode using "Hash" flow load balancer 19/1/2022 -- 15:18:31 - - using 1 flow manager threads 19/1/2022 -- 15:18:31 - - using 1 flow recycler threads 19/1/2022 -- 15:18:31 - - all 10 packet processing threads, 4 management threads initialized, engine started. 19/1/2022 -- 15:19:02 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 87 (0x00000057): Paramètre incorrect. The WinDivert packet filter string is invalid. 19/1/2022 -- 15:19:02 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed 19/1/2022 -- 15:20:57 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode 19/1/2022 -- 15:20:57 - - CPUs/cores online: 8 19/1/2022 -- 15:20:57 - - 'default' server has 'request-body-minimal-inspect-size' set to 33940 and 'request-body-inspect-window' set to 4255 after randomization. 19/1/2022 -- 15:20:57 - - 'default' server has 'response-body-minimal-inspect-size' set to 39447 and 'response-body-inspect-window' set to 16080 after randomization. 19/1/2022 -- 15:20:57 - - SMB stream depth: 0 19/1/2022 -- 15:20:57 - - Protocol detection and parser disabled for modbus protocol. 19/1/2022 -- 15:20:57 - - Protocol detection and parser disabled for enip protocol. 19/1/2022 -- 15:20:57 - - Protocol detection and parser disabled for DNP3. 19/1/2022 -- 15:20:57 - - Found a global MTU of 1500 19/1/2022 -- 15:20:57 - - allocated 262144 bytes of memory for the host hash... 
4096 buckets of size 64 19/1/2022 -- 15:20:57 - - preallocated 1000 hosts of size 104 19/1/2022 -- 15:20:57 - - host memory usage: 366144 bytes, maximum: 33554432 19/1/2022 -- 15:20:57 - - Configuring core dump is not yet supported on Windows. 19/1/2022 -- 15:20:57 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24 19/1/2022 -- 15:20:57 - - preallocated 65535 defrag trackers of size 120 19/1/2022 -- 15:20:57 - - defrag memory usage: 9437064 bytes, maximum: 33554432 19/1/2022 -- 15:20:57 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7 19/1/2022 -- 15:20:57 - - stream "prealloc-sessions": 2048 (per thread) 19/1/2022 -- 15:20:57 - - stream "memcap": 67108864 19/1/2022 -- 15:20:57 - - stream "midstream" session pickups: disabled 19/1/2022 -- 15:20:57 - - stream "async-oneside": disabled 19/1/2022 -- 15:20:57 - - stream "checksum-validation": disabled 19/1/2022 -- 15:20:57 - - stream."inline": disabled 19/1/2022 -- 15:20:57 - - stream "bypass": disabled 19/1/2022 -- 15:20:57 - - stream "max-synack-queued": 5 19/1/2022 -- 15:20:57 - - stream.reassembly "memcap": 268435456 19/1/2022 -- 15:20:57 - - stream.reassembly "depth": 1048576 19/1/2022 -- 15:20:57 - - stream.reassembly "toserver-chunk-size": 2571 19/1/2022 -- 15:20:57 - - stream.reassembly "toclient-chunk-size": 2582 19/1/2022 -- 15:20:57 - - stream.reassembly.raw: enabled 19/1/2022 -- 15:20:57 - - stream.reassembly "segment-prealloc": 2048 19/1/2022 -- 15:20:57 - - fast output device (regular) initialized: fast.log 19/1/2022 -- 15:20:57 - - eve-log output device (regular) initialized: eve.json 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'alert' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'anomaly' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'http' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'dns' 19/1/2022 -- 15:20:57 - - eve-log dns version not set, defaulting to version 2 19/1/2022 -- 15:20:57 - - eve-log 
dns version not set, defaulting to version 2 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'tls' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'files' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'smtp' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'ftp' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'rdp' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'nfs' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'smb' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'tftp' 19/1/2022 -- 15:20:57 - - enabling 'eve-log' module 'ikev2' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'dcerpc' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'krb5' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'snmp' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'rfb' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'sip' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'dhcp' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'ssh' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'mqtt' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'stats' 19/1/2022 -- 15:20:58 - - enabling 'eve-log' module 'flow' 19/1/2022 -- 15:20:58 - - stats output device (regular) initialized: stats.log 19/1/2022 -- 15:20:58 - - Delayed detect disabled 19/1/2022 -- 15:20:58 - - pattern matchers: MPM: ac, SPM: bm 19/1/2022 -- 15:20:58 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 19/1/2022 -- 15:20:58 - - grouping: udp-whitelist (default) 53, 135, 5060 19/1/2022 -- 15:20:58 - - prefilter engines: MPM 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_uri 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_uri 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_request_line 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_client_body 19/1/2022 -- 
15:20:58 - - using shared mpm ctx' for http_response_line 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for 
http_start 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_host 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_stat_msg 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for 
http2_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dns_query 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.sni 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.cert_issuer 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.cert_subject 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.cert_serial 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.cert_fingerprint 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for tls.certs 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ja3.hash 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ja3.string 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ja3s.hash 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ja3s.string 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for smb_named_pipe 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for smb_share 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.hassh 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.hassh.server 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.hassh.string 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for ssh.hassh.server.string 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:20:58 - - using shared 
mpm ctx' for file_data
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for krb5_cname
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for krb5_sname
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.uri
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.stat_msg
19/1/2022 -- 15:20:58 - - using shared mpm ctx' for sip.request_line
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for sip.response_line
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for rfb.name
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.connect.clientid
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.connect.username
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.connect.password
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.connect.willtopic
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.connect.willmessage
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.publish.topic
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.publish.message
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.subscribe.topic
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for mqtt.unsubscribe.topic
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for icmpv4.hdr
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for tcp.hdr
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for udp.hdr
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for icmpv6.hdr
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for ipv4.hdr
19/1/2022 -- 15:20:59 - - using shared mpm ctx' for ipv6.hdr
19/1/2022 -- 15:20:59 - - IP reputation disabled
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\botcc.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules
19/1/2022 -- 15:20:59 - - No rules loaded from botcc.portgrouped.rules.
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\ciarmy.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\compromised.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\drop.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\dshield.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-games.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules
19/1/2022 -- 15:20:59 - - No rules loaded from emerging-icmp.rules.
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-info.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules
19/1/2022 -- 15:20:59 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-web_server.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules
19/1/2022 -- 15:21:00 - - Loading rule file: C:\Suricata\rules\tor.rules
19/1/2022 -- 15:21:00 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed
19/1/2022 -- 15:21:00 - - Threshold config parsed: 0 rule(s) found
19/1/2022 -- 15:21:00 - - using shared mpm ctx' for tcp-packet
19/1/2022 -- 15:21:00 - - using shared mpm ctx' for tcp-stream
19/1/2022 -- 15:21:00 - - using shared mpm ctx' for udp-packet
19/1/2022 -- 15:21:00 - - using shared mpm ctx' for other-ip
19/1/2022 -- 15:21:00 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only
19/1/2022 -- 15:21:00 - - building signature grouping structure, stage 1: preprocessing rules... complete
19/1/2022 -- 15:21:00 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies
19/1/2022 -- 15:21:01 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
19/1/2022 -- 15:21:01 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies
19/1/2022 -- 15:21:01 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
19/1/2022 -- 15:21:01 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
19/1/2022 -- 15:21:01 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/1/2022 -- 15:21:09 - - Unique rule groups: 118
19/1/2022 -- 15:21:09 - - Builtin MPM "toserver TCP packet": 26
19/1/2022 -- 15:21:09 - - Builtin MPM "toclient TCP packet": 20
19/1/2022 -- 15:21:09 - - Builtin MPM "toserver TCP stream": 30
19/1/2022 -- 15:21:09 - - Builtin MPM "toclient TCP stream": 21
19/1/2022 -- 15:21:09 - - Builtin MPM "toserver UDP packet": 38
19/1/2022 -- 15:21:09 - - Builtin MPM "toclient UDP packet": 16
19/1/2022 -- 15:21:09 - - Builtin MPM "other IP packet": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_uri (http)": 8
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_uri (http2)": 8
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_raw_uri (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_raw_uri (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_request_line (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_client_body (http)": 5
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_response_line (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_header (http)": 8
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_header (http)": 8
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_header_names (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_header_names (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept_enc (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept_enc (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept_lang (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_accept_lang (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_referer (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_referer (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_content_len (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_content_len (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_content_len (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_content_len (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_content_type (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_content_type (http2)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_content_type (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_content_type (http2)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_protocol (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_protocol (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_start (http)": 4
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_start (http)": 4
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_raw_header (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_raw_header (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_method (http)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_method (http2)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_cookie (http)": 3
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_cookie (http)": 3
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_cookie (http2)": 3
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_cookie (http2)": 3
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_user_agent (http)": 6
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_user_agent (http2)": 6
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_host (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_raw_host (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver http_raw_host (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_stat_code (http)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient http_stat_code (http2)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver dns_query (dns)": 4
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver tls.sni (tls)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver file_data (smtp)": 7
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient file_data (http)": 7
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver file_data (smb)": 7
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient file_data (smb)": 7
19/1/2022 -- 15:21:09 - - AppLayer MPM "toserver file_data (http2)": 7
19/1/2022 -- 15:21:09 - - AppLayer MPM "toclient file_data (http2)": 7
19/1/2022 -- 15:21:10 - - AutoFP mode using "Hash" flow load balancer
19/1/2022 -- 15:21:10 - - using 1 flow manager threads
19/1/2022 -- 15:21:10 - - using 1 flow recycler threads
19/1/2022 -- 15:21:10 - - all 10 packet processing threads, 4 management threads initialized, engine started.
19/1/2022 -- 15:21:29 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 87 (0x00000057): Paramètre incorrect. The WinDivert packet filter string is invalid.
19/1/2022 -- 15:21:30 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed
19/1/2022 -- 15:41:53 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:41:53 - - CPUs/cores online: 8
19/1/2022 -- 15:41:53 - - 'default' server has 'request-body-minimal-inspect-size' set to 33795 and 'request-body-inspect-window' set to 4030 after randomization.
19/1/2022 -- 15:41:53 - - 'default' server has 'response-body-minimal-inspect-size' set to 40315 and 'response-body-inspect-window' set to 16119 after randomization.
19/1/2022 -- 15:41:53 - - SMB stream depth: 0
19/1/2022 -- 15:41:53 - - Protocol detection and parser disabled for modbus protocol.
19/1/2022 -- 15:41:53 - - Protocol detection and parser disabled for enip protocol.
19/1/2022 -- 15:41:53 - - Protocol detection and parser disabled for DNP3.
19/1/2022 -- 15:41:53 - - Found a global MTU of 1500
19/1/2022 -- 15:41:54 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/1/2022 -- 15:41:54 - - preallocated 1000 hosts of size 104
19/1/2022 -- 15:41:54 - - host memory usage: 366144 bytes, maximum: 33554432
19/1/2022 -- 15:41:54 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:41:54 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
19/1/2022 -- 15:41:54 - - preallocated 65535 defrag trackers of size 120
19/1/2022 -- 15:41:54 - - defrag memory usage: 9437064 bytes, maximum: 33554432
19/1/2022 -- 15:41:54 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7
19/1/2022 -- 15:41:54 - - stream "prealloc-sessions": 2048 (per thread)
19/1/2022 -- 15:41:54 - - stream "memcap": 67108864
19/1/2022 -- 15:41:54 - - stream "midstream" session pickups: disabled
19/1/2022 -- 15:41:54 - - stream "async-oneside": disabled
19/1/2022 -- 15:41:54 - - stream "checksum-validation": disabled
19/1/2022 -- 15:41:54 - - stream."inline": disabled
19/1/2022 -- 15:41:54 - - stream "bypass": disabled
19/1/2022 -- 15:41:54 - - stream "max-synack-queued": 5
19/1/2022 -- 15:41:54 - - stream.reassembly "memcap": 268435456
19/1/2022 -- 15:41:54 - - stream.reassembly "depth": 1048576
19/1/2022 -- 15:41:54 - - stream.reassembly "toserver-chunk-size": 2572
19/1/2022 -- 15:41:54 - - stream.reassembly "toclient-chunk-size": 2457
19/1/2022 -- 15:41:54 - - stream.reassembly.raw: enabled
19/1/2022 -- 15:41:54 - - stream.reassembly "segment-prealloc": 2048
19/1/2022 -- 15:41:54 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:41:54 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'alert'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'anomaly'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'http'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'dns'
19/1/2022 -- 15:41:54 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:41:54 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'tls'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'files'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'smtp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'ftp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'rdp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'nfs'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'smb'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'tftp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'ikev2'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'dcerpc'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'krb5'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'snmp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'rfb'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'sip'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'dhcp'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'ssh'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'mqtt'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'stats'
19/1/2022 -- 15:41:54 - - enabling 'eve-log' module 'flow'
19/1/2022 -- 15:41:54 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:41:54 - - Delayed detect disabled
19/1/2022 -- 15:41:54 - - pattern matchers: MPM: ac, SPM: bm
19/1/2022 -- 15:41:54 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/1/2022 -- 15:41:54 - - grouping: udp-whitelist (default) 53, 135, 5060
19/1/2022 -- 15:41:54 - - prefilter engines: MPM
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_request_line
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_client_body
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_response_line
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept_enc
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_accept_lang
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_referer
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_connection
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_len
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_content_type
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http.server
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http.location
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_protocol
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_start
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_method
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_cookie
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_user_agent
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_host
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_raw_host
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_stat_msg
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http_stat_code
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http2_header_name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http2_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for http2_header
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dns_query
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dnp3_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dnp3_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.sni
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.cert_issuer
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.cert_subject
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.cert_serial
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.cert_fingerprint
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for tls.certs
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ja3.hash
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ja3.string
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ja3s.hash
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ja3s.string
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for dce_stub_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for smb_named_pipe
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for smb_share
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.proto
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.proto
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh_software
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh_software
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.hassh
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.hassh.server
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.hassh.string
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for ssh.hassh.server.string
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for file_data
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for krb5_cname
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for krb5_sname
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.uri
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.protocol
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.method
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.stat_msg
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.request_line
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for sip.response_line
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for rfb.name
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for snmp.community
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for mqtt.connect.clientid
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for mqtt.connect.username
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for mqtt.connect.password
19/1/2022 -- 15:41:54 - - using shared mpm ctx' for mqtt.connect.willtopic
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for mqtt.connect.willmessage
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for mqtt.publish.topic
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for mqtt.publish.message
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for mqtt.subscribe.topic
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for mqtt.unsubscribe.topic
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for icmpv4.hdr
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for tcp.hdr
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for udp.hdr
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for icmpv6.hdr
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for ipv4.hdr
19/1/2022 -- 15:41:55 - - using shared mpm ctx' for ipv6.hdr
19/1/2022 -- 15:41:55 - - IP reputation disabled
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\botcc.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules
19/1/2022 -- 15:41:55 - - No rules loaded from botcc.portgrouped.rules.
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\ciarmy.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\compromised.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\drop.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\dshield.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-games.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules
19/1/2022 -- 15:41:55 - - No rules loaded from emerging-icmp.rules.
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-info.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-web_server.rules
19/1/2022 -- 15:41:55 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules
19/1/2022 -- 15:41:56 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules
19/1/2022 -- 15:41:56 - - Loading rule file: C:\Suricata\rules\tor.rules
19/1/2022 -- 15:41:56 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed
19/1/2022 -- 15:41:56 - - Threshold config parsed: 0 rule(s) found
19/1/2022 -- 15:41:56 - - using shared mpm ctx' for tcp-packet
19/1/2022 -- 15:41:56 - - using shared mpm ctx' for tcp-stream
19/1/2022 -- 15:41:56 - - using shared mpm ctx' for udp-packet
19/1/2022 -- 15:41:56 - - using shared mpm ctx' for other-ip
19/1/2022 -- 15:41:56 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only
19/1/2022 -- 15:41:56 - - building signature grouping structure, stage 1: preprocessing rules... complete
19/1/2022 -- 15:41:56 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies
19/1/2022 -- 15:41:56 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
19/1/2022 -- 15:41:56 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies
19/1/2022 -- 15:41:56 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
19/1/2022 -- 15:41:56 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
19/1/2022 -- 15:41:56 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
19/1/2022 -- 15:42:05 - - Unique rule groups: 118
19/1/2022 -- 15:42:05 - - Builtin MPM "toserver TCP packet": 26
19/1/2022 -- 15:42:05 - - Builtin MPM "toclient TCP packet": 20
19/1/2022 -- 15:42:05 - - Builtin MPM "toserver TCP stream": 30
19/1/2022 -- 15:42:05 - - Builtin MPM "toclient TCP stream": 21
19/1/2022 -- 15:42:05 - - Builtin MPM "toserver UDP packet": 38
19/1/2022 -- 15:42:05 - - Builtin MPM "toclient UDP packet": 16
19/1/2022 -- 15:42:05 - - Builtin MPM "other IP packet": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_uri (http)": 8
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_uri (http2)": 8
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_raw_uri (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_raw_uri (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_request_line (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_client_body (http)": 5
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_response_line (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_header (http)": 8
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_header (http)": 8
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_header_names (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_header_names (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept_enc (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept_enc (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept_lang (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_accept_lang (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_referer (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_referer (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_content_len (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_content_len (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_content_len (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_content_len (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_content_type (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_content_type (http2)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_content_type (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_content_type (http2)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_protocol (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_protocol (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_start (http)": 4
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_start (http)": 4
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_raw_header (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_raw_header (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_method (http)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_method (http2)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_cookie (http)": 3
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_cookie (http)": 3
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_cookie (http2)": 3
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_cookie (http2)": 3
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_user_agent (http)": 6
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_user_agent (http2)": 6
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_host (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_raw_host (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver http_raw_host (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_stat_code (http)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient http_stat_code (http2)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver dns_query (dns)": 4
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver tls.sni (tls)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver file_data (smtp)": 7
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient file_data (http)": 7
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver file_data (smb)": 7
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient file_data (smb)": 7
19/1/2022 -- 15:42:05 - - AppLayer MPM "toserver file_data (http2)": 7
19/1/2022 -- 15:42:05 - - AppLayer MPM "toclient file_data (http2)": 7
19/1/2022 -- 15:42:06 - - AutoFP mode using "Hash" flow load balancer
19/1/2022 -- 15:42:06 - - [ERRCODE: SC_ERR_THREAD_QUEUE(235)] - queue "pickup8" doesn't have a writer (id 8, max 9)
19/1/2022 -- 15:42:06 - - [ERRCODE: SC_ERR_FATAL(171)] - fatal error during threading setup
19/1/2022 -- 15:42:46 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode
19/1/2022 -- 15:42:46 - - CPUs/cores online: 8
19/1/2022 -- 15:42:46 - - 'default' server has 'request-body-minimal-inspect-size' set to 32599 and 'request-body-inspect-window' set to 4226 after randomization.
19/1/2022 -- 15:42:46 - - 'default' server has 'response-body-minimal-inspect-size' set to 39040 and 'response-body-inspect-window' set to 17117 after randomization.
19/1/2022 -- 15:42:46 - - SMB stream depth: 0
19/1/2022 -- 15:42:46 - - Protocol detection and parser disabled for modbus protocol.
19/1/2022 -- 15:42:46 - - Protocol detection and parser disabled for enip protocol.
19/1/2022 -- 15:42:46 - - Protocol detection and parser disabled for DNP3.
19/1/2022 -- 15:42:46 - - Found a global MTU of 1500
19/1/2022 -- 15:42:46 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
19/1/2022 -- 15:42:46 - - preallocated 1000 hosts of size 104
19/1/2022 -- 15:42:46 - - host memory usage: 366144 bytes, maximum: 33554432
19/1/2022 -- 15:42:46 - - Configuring core dump is not yet supported on Windows.
19/1/2022 -- 15:42:46 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
19/1/2022 -- 15:42:46 - - preallocated 65535 defrag trackers of size 120
19/1/2022 -- 15:42:46 - - defrag memory usage: 9437064 bytes, maximum: 33554432
19/1/2022 -- 15:42:46 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7
19/1/2022 -- 15:42:46 - - stream "prealloc-sessions": 2048 (per thread)
19/1/2022 -- 15:42:46 - - stream "memcap": 67108864
19/1/2022 -- 15:42:46 - - stream "midstream" session pickups: disabled
19/1/2022 -- 15:42:46 - - stream "async-oneside": disabled
19/1/2022 -- 15:42:46 - - stream "checksum-validation": disabled
19/1/2022 -- 15:42:46 - - stream."inline": disabled
19/1/2022 -- 15:42:46 - - stream "bypass": disabled
19/1/2022 -- 15:42:46 - - stream "max-synack-queued": 5
19/1/2022 -- 15:42:46 - - stream.reassembly "memcap": 268435456
19/1/2022 -- 15:42:46 - - stream.reassembly "depth": 1048576
19/1/2022 -- 15:42:46 - - stream.reassembly "toserver-chunk-size": 2581
19/1/2022 -- 15:42:46 - - stream.reassembly "toclient-chunk-size": 2560
19/1/2022 -- 15:42:46 - - stream.reassembly.raw: enabled
19/1/2022 -- 15:42:46 - - stream.reassembly "segment-prealloc": 2048
19/1/2022 -- 15:42:46 - - fast output device (regular) initialized: fast.log
19/1/2022 -- 15:42:46 - - eve-log output device (regular) initialized: eve.json
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'alert'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'anomaly'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'http'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'dns'
19/1/2022 -- 15:42:46 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:42:46 - - eve-log dns version not set, defaulting to version 2
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'tls'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'files'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'smtp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'ftp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'rdp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'nfs'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'smb'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'tftp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'ikev2'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'dcerpc'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'krb5'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'snmp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'rfb'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'sip'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'dhcp'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'ssh'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'mqtt'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'stats'
19/1/2022 -- 15:42:46 - - enabling 'eve-log' module 'flow'
19/1/2022 -- 15:42:46 - - stats output device (regular) initialized: stats.log
19/1/2022 -- 15:42:46 - - Delayed detect disabled
19/1/2022 -- 15:42:46 - - pattern matchers: MPM: ac, SPM: bm
19/1/2022 -- 15:42:46 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
19/1/2022 -- 15:42:46 - - grouping: udp-whitelist (default) 53, 135, 5060
19/1/2022 -- 15:42:46 - - prefilter engines: MPM
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_uri
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_uri
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_request_line
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_client_body
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_response_line
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_header
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_header_names
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for 
http_method 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_host 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_stat_msg 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for dns_query 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.sni 
19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.cert_issuer 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.cert_subject 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.cert_serial 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.cert_fingerprint 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for tls.certs 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for ja3.hash 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for ja3.string 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for ja3s.hash 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for ja3s.string 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:42:46 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for smb_named_pipe 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for smb_share 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.hassh 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.hassh.server 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.hassh.string 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ssh.hassh.server.string 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for krb5_cname 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for 
krb5_sname 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.uri 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.stat_msg 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.request_line 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for sip.response_line 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for rfb.name 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.connect.clientid 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.connect.username 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.connect.password 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.connect.willtopic 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.connect.willmessage 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.publish.topic 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.publish.message 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.subscribe.topic 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for mqtt.unsubscribe.topic 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for icmpv4.hdr 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for tcp.hdr 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for udp.hdr 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for icmpv6.hdr 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ipv4.hdr 19/1/2022 -- 15:42:47 - - using shared mpm ctx' for ipv6.hdr 19/1/2022 -- 15:42:47 - - IP reputation disabled 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\botcc.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules 19/1/2022 -- 15:42:47 - - No 
rules loaded from botcc.portgrouped.rules. 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\ciarmy.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\compromised.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\drop.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\dshield.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-games.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules 19/1/2022 -- 15:42:47 - - No rules loaded from emerging-icmp.rules. 
19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-info.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules 19/1/2022 -- 15:42:47 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules 19/1/2022 -- 15:42:48 - - Loading rule 
file: C:\Suricata\rules\emerging-web_server.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules 19/1/2022 -- 15:42:48 - - Loading rule file: C:\Suricata\rules\tor.rules 19/1/2022 -- 15:42:48 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed 19/1/2022 -- 15:42:48 - - Threshold config parsed: 0 rule(s) found 19/1/2022 -- 15:42:49 - - using shared mpm ctx' for tcp-packet 19/1/2022 -- 15:42:49 - - using shared mpm ctx' for tcp-stream 19/1/2022 -- 15:42:49 - - using shared mpm ctx' for udp-packet 19/1/2022 -- 15:42:49 - - using shared mpm ctx' for other-ip 19/1/2022 -- 15:42:49 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only 19/1/2022 -- 15:42:49 - - building signature grouping structure, stage 1: preprocessing rules... complete 19/1/2022 -- 15:42:49 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies 19/1/2022 -- 15:42:49 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies 19/1/2022 -- 15:42:49 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies 19/1/2022 -- 15:42:49 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies 19/1/2022 -- 15:42:49 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies 19/1/2022 -- 15:42:49 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies 19/1/2022 -- 15:42:58 - - Unique rule groups: 118 19/1/2022 -- 15:42:58 - - Builtin MPM "toserver TCP packet": 26 19/1/2022 -- 15:42:58 - - Builtin MPM "toclient TCP packet": 20 19/1/2022 -- 15:42:58 - - Builtin MPM "toserver TCP stream": 30 19/1/2022 -- 15:42:58 - - Builtin MPM "toclient TCP stream": 21 19/1/2022 -- 15:42:58 - - Builtin MPM "toserver UDP packet": 38 19/1/2022 -- 15:42:58 - - Builtin MPM "toclient UDP packet": 16 19/1/2022 -- 15:42:58 - - Builtin MPM "other IP packet": 2 
19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_uri (http)": 8 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_uri (http2)": 8 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_raw_uri (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_raw_uri (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_request_line (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_client_body (http)": 5 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_response_line (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_header (http)": 8 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_header (http)": 8 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_header_names (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_header_names (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept_enc (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept_enc (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept_lang (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_accept_lang (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_referer (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_referer (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_content_len (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_content_len (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_content_len (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_content_len (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_content_type (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_content_type (http2)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_content_type (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer 
MPM "toclient http_content_type (http2)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_protocol (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_protocol (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_start (http)": 4 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_start (http)": 4 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_raw_header (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_raw_header (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_method (http)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_method (http2)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_cookie (http)": 3 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_cookie (http)": 3 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_cookie (http2)": 3 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_cookie (http2)": 3 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_user_agent (http)": 6 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_user_agent (http2)": 6 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_host (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_raw_host (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver http_raw_host (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_stat_code (http)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient http_stat_code (http2)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver dns_query (dns)": 4 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver tls.sni (tls)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver ssh.proto (ssh)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient ssh.proto (ssh)": 1 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver 
file_data (smtp)": 7 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient file_data (http)": 7 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver file_data (smb)": 7 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient file_data (smb)": 7 19/1/2022 -- 15:42:58 - - AppLayer MPM "toserver file_data (http2)": 7 19/1/2022 -- 15:42:58 - - AppLayer MPM "toclient file_data (http2)": 7 19/1/2022 -- 15:42:59 - - AutoFP mode using "Hash" flow load balancer 19/1/2022 -- 15:42:59 - - using 1 flow manager threads 19/1/2022 -- 15:42:59 - - using 1 flow recycler threads 19/1/2022 -- 15:42:59 - - all 10 packet processing threads, 4 management threads initialized, engine started. 19/1/2022 -- 15:43:02 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 87 (0x00000057): Paramètre incorrect. The WinDivert packet filter string is invalid. 19/1/2022 -- 15:43:02 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed 19/1/2022 -- 15:48:42 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode 19/1/2022 -- 15:48:42 - - CPUs/cores online: 8 19/1/2022 -- 15:48:42 - - 'default' server has 'request-body-minimal-inspect-size' set to 31166 and 'request-body-inspect-window' set to 4081 after randomization. 19/1/2022 -- 15:48:42 - - 'default' server has 'response-body-minimal-inspect-size' set to 40833 and 'response-body-inspect-window' set to 17002 after randomization. 19/1/2022 -- 15:48:42 - - SMB stream depth: 0 19/1/2022 -- 15:48:42 - - Protocol detection and parser disabled for modbus protocol. 19/1/2022 -- 15:48:42 - - Protocol detection and parser disabled for enip protocol. 19/1/2022 -- 15:48:42 - - Protocol detection and parser disabled for DNP3. 19/1/2022 -- 15:48:42 - - Found a global MTU of 1500 19/1/2022 -- 15:48:42 - - allocated 262144 bytes of memory for the host hash... 
4096 buckets of size 64 19/1/2022 -- 15:48:42 - - preallocated 1000 hosts of size 104 19/1/2022 -- 15:48:42 - - host memory usage: 366144 bytes, maximum: 33554432 19/1/2022 -- 15:48:42 - - Configuring core dump is not yet supported on Windows. 19/1/2022 -- 15:48:42 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24 19/1/2022 -- 15:48:42 - - preallocated 65535 defrag trackers of size 120 19/1/2022 -- 15:48:42 - - defrag memory usage: 9437064 bytes, maximum: 33554432 19/1/2022 -- 15:48:42 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7 19/1/2022 -- 15:48:42 - - stream "prealloc-sessions": 2048 (per thread) 19/1/2022 -- 15:48:42 - - stream "memcap": 67108864 19/1/2022 -- 15:48:42 - - stream "midstream" session pickups: disabled 19/1/2022 -- 15:48:42 - - stream "async-oneside": disabled 19/1/2022 -- 15:48:42 - - stream "checksum-validation": disabled 19/1/2022 -- 15:48:42 - - stream."inline": disabled 19/1/2022 -- 15:48:42 - - stream "bypass": disabled 19/1/2022 -- 15:48:42 - - stream "max-synack-queued": 5 19/1/2022 -- 15:48:42 - - stream.reassembly "memcap": 268435456 19/1/2022 -- 15:48:42 - - stream.reassembly "depth": 1048576 19/1/2022 -- 15:48:42 - - stream.reassembly "toserver-chunk-size": 2624 19/1/2022 -- 15:48:42 - - stream.reassembly "toclient-chunk-size": 2604 19/1/2022 -- 15:48:42 - - stream.reassembly.raw: enabled 19/1/2022 -- 15:48:42 - - stream.reassembly "segment-prealloc": 2048 19/1/2022 -- 15:48:42 - - fast output device (regular) initialized: fast.log 19/1/2022 -- 15:48:42 - - eve-log output device (regular) initialized: eve.json 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'alert' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'anomaly' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'http' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'dns' 19/1/2022 -- 15:48:42 - - eve-log dns version not set, defaulting to version 2 19/1/2022 -- 15:48:42 - - eve-log 
dns version not set, defaulting to version 2 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'tls' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'files' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'smtp' 19/1/2022 -- 15:48:42 - - enabling 'eve-log' module 'ftp' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'rdp' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'nfs' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'smb' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'tftp' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'ikev2' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'dcerpc' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'krb5' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'snmp' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'rfb' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'sip' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'dhcp' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'ssh' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'mqtt' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'stats' 19/1/2022 -- 15:48:43 - - enabling 'eve-log' module 'flow' 19/1/2022 -- 15:48:43 - - stats output device (regular) initialized: stats.log 19/1/2022 -- 15:48:43 - - Delayed detect disabled 19/1/2022 -- 15:48:43 - - pattern matchers: MPM: ac, SPM: bm 19/1/2022 -- 15:48:43 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 19/1/2022 -- 15:48:43 - - grouping: udp-whitelist (default) 53, 135, 5060 19/1/2022 -- 15:48:43 - - prefilter engines: MPM 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_uri 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_uri 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_request_line 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_client_body 19/1/2022 -- 
15:48:43 - - using shared mpm ctx' for http_response_line 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for 
http_start 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:43 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_host 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_stat_msg 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for 
http2_header 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dns_query 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.sni 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.cert_issuer 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.cert_subject 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.cert_serial 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.cert_fingerprint 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tls.certs 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ja3.hash 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ja3.string 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ja3s.hash 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ja3s.string 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for smb_named_pipe 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for smb_share 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.hassh 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.hassh.server 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.hassh.string 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ssh.hassh.server.string 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared 
mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for krb5_cname 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for krb5_sname 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.uri 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.stat_msg 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.request_line 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for sip.response_line 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for rfb.name 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.connect.clientid 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.connect.username 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.connect.password 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.connect.willtopic 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.connect.willmessage 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.publish.topic 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.publish.message 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.subscribe.topic 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for mqtt.unsubscribe.topic 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for icmpv4.hdr 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for tcp.hdr 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for udp.hdr 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for icmpv6.hdr 19/1/2022 -- 15:48:44 - - using 
shared mpm ctx' for ipv4.hdr 19/1/2022 -- 15:48:44 - - using shared mpm ctx' for ipv6.hdr 19/1/2022 -- 15:48:44 - - IP reputation disabled 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\botcc.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules 19/1/2022 -- 15:48:44 - - No rules loaded from botcc.portgrouped.rules. 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\ciarmy.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\compromised.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\drop.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\dshield.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-games.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules 19/1/2022 -- 15:48:44 - - No rules loaded from emerging-icmp.rules. 
19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-info.rules 19/1/2022 -- 15:48:44 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules 19/1/2022 -- 15:48:45 - - Loading rule 
file: C:\Suricata\rules\emerging-web_server.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules 19/1/2022 -- 15:48:45 - - Loading rule file: C:\Suricata\rules\tor.rules 19/1/2022 -- 15:48:45 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed 19/1/2022 -- 15:48:45 - - Threshold config parsed: 0 rule(s) found 19/1/2022 -- 15:48:46 - - using shared mpm ctx' for tcp-packet 19/1/2022 -- 15:48:46 - - using shared mpm ctx' for tcp-stream 19/1/2022 -- 15:48:46 - - using shared mpm ctx' for udp-packet 19/1/2022 -- 15:48:46 - - using shared mpm ctx' for other-ip 19/1/2022 -- 15:48:46 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only 19/1/2022 -- 15:48:46 - - building signature grouping structure, stage 1: preprocessing rules... complete 19/1/2022 -- 15:48:46 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies 19/1/2022 -- 15:48:46 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies 19/1/2022 -- 15:48:46 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies 19/1/2022 -- 15:48:46 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies 19/1/2022 -- 15:48:46 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies 19/1/2022 -- 15:48:46 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies 19/1/2022 -- 15:48:54 - - Unique rule groups: 118 19/1/2022 -- 15:48:54 - - Builtin MPM "toserver TCP packet": 26 19/1/2022 -- 15:48:54 - - Builtin MPM "toclient TCP packet": 20 19/1/2022 -- 15:48:54 - - Builtin MPM "toserver TCP stream": 30 19/1/2022 -- 15:48:54 - - Builtin MPM "toclient TCP stream": 21 19/1/2022 -- 15:48:54 - - Builtin MPM "toserver UDP packet": 38 19/1/2022 -- 15:48:54 - - Builtin MPM "toclient UDP packet": 16 19/1/2022 -- 15:48:54 - - Builtin MPM "other IP packet": 2 
19/1/2022 -- 15:48:54 - - AppLayer MPM "toserver http_uri (http)": 8 19/1/2022 -- 15:48:54 - - AppLayer MPM "toserver http_uri (http2)": 8 19/1/2022 -- 15:48:54 - - AppLayer MPM "toserver http_raw_uri (http)": 1 19/1/2022 -- 15:48:54 - - AppLayer MPM "toserver http_raw_uri (http2)": 1 19/1/2022 -- 15:48:54 - - AppLayer MPM "toserver http_request_line (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_client_body (http)": 5 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_response_line (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_header (http)": 8 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_header (http)": 8 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_header_names (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_header_names (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept_enc (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept_enc (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept_lang (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_accept_lang (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_referer (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_referer (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_content_len (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_content_len (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_content_len (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_content_len (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_content_type (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_content_type (http2)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_content_type (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer 
MPM "toclient http_content_type (http2)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_protocol (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_protocol (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_start (http)": 4 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_start (http)": 4 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_raw_header (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_raw_header (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_method (http)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_method (http2)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_cookie (http)": 3 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_cookie (http)": 3 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_cookie (http2)": 3 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_cookie (http2)": 3 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_user_agent (http)": 6 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_user_agent (http2)": 6 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_host (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_raw_host (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver http_raw_host (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_stat_code (http)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient http_stat_code (http2)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver dns_query (dns)": 4 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver tls.sni (tls)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver ssh.proto (ssh)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient ssh.proto (ssh)": 1 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver 
file_data (smtp)": 7 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient file_data (http)": 7 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver file_data (smb)": 7 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient file_data (smb)": 7 19/1/2022 -- 15:48:55 - - AppLayer MPM "toserver file_data (http2)": 7 19/1/2022 -- 15:48:55 - - AppLayer MPM "toclient file_data (http2)": 7 19/1/2022 -- 15:48:56 - - AutoFP mode using "Hash" flow load balancer 19/1/2022 -- 15:48:56 - - using 1 flow manager threads 19/1/2022 -- 15:48:56 - - using 1 flow recycler threads 19/1/2022 -- 15:48:56 - - all 10 packet processing threads, 4 management threads initialized, engine started. 19/1/2022 -- 15:51:40 - - Signal Received. Stopping engine. 19/1/2022 -- 15:51:40 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state 19/1/2022 -- 15:51:45 - - time elapsed 169.571s 19/1/2022 -- 15:51:45 - - 166 flows processed 19/1/2022 -- 15:51:45 - - (RX-1) Packets 775, Bytes 233362, Errors 0 19/1/2022 -- 15:51:45 - - (RX-1) Verdict: Accepted 775, Dropped 0, Replaced 0 19/1/2022 -- 15:51:45 - - AutoFP - Total flow handler queues - 8 19/1/2022 -- 15:51:46 - - Alerts: 0 19/1/2022 -- 15:51:46 - - ippair memory usage: 382144 bytes, maximum: 16777216 19/1/2022 -- 15:51:46 - - host memory usage: 366144 bytes, maximum: 33554432 19/1/2022 -- 15:51:46 - - cleaning up signature grouping structure... complete 19/1/2022 -- 15:52:05 - - This is Suricata version 6.0.3 RELEASE running in SYSTEM mode 19/1/2022 -- 15:52:05 - - CPUs/cores online: 8 19/1/2022 -- 15:52:05 - - 'default' server has 'request-body-minimal-inspect-size' set to 31382 and 'request-body-inspect-window' set to 4108 after randomization. 19/1/2022 -- 15:52:05 - - 'default' server has 'response-body-minimal-inspect-size' set to 42810 and 'response-body-inspect-window' set to 15932 after randomization. 19/1/2022 -- 15:52:05 - - SMB stream depth: 0 19/1/2022 -- 15:52:05 - - Protocol detection and parser disabled for modbus protocol. 
19/1/2022 -- 15:52:05 - - Protocol detection and parser disabled for enip protocol. 19/1/2022 -- 15:52:05 - - Protocol detection and parser disabled for DNP3. 19/1/2022 -- 15:52:05 - - Found a global MTU of 1500 19/1/2022 -- 15:52:05 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 19/1/2022 -- 15:52:05 - - preallocated 1000 hosts of size 104 19/1/2022 -- 15:52:05 - - host memory usage: 366144 bytes, maximum: 33554432 19/1/2022 -- 15:52:05 - - Configuring core dump is not yet supported on Windows. 19/1/2022 -- 15:52:05 - - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24 19/1/2022 -- 15:52:05 - - preallocated 65535 defrag trackers of size 120 19/1/2022 -- 15:52:05 - - defrag memory usage: 9437064 bytes, maximum: 33554432 19/1/2022 -- 15:52:05 - - flow size 264, memcap allows for 508400 flows. Per hash row in perfect conditions 7 19/1/2022 -- 15:52:05 - - stream "prealloc-sessions": 2048 (per thread) 19/1/2022 -- 15:52:05 - - stream "memcap": 67108864 19/1/2022 -- 15:52:05 - - stream "midstream" session pickups: disabled 19/1/2022 -- 15:52:05 - - stream "async-oneside": disabled 19/1/2022 -- 15:52:05 - - stream "checksum-validation": disabled 19/1/2022 -- 15:52:05 - - stream."inline": disabled 19/1/2022 -- 15:52:05 - - stream "bypass": disabled 19/1/2022 -- 15:52:05 - - stream "max-synack-queued": 5 19/1/2022 -- 15:52:05 - - stream.reassembly "memcap": 268435456 19/1/2022 -- 15:52:05 - - stream.reassembly "depth": 1048576 19/1/2022 -- 15:52:05 - - stream.reassembly "toserver-chunk-size": 2552 19/1/2022 -- 15:52:05 - - stream.reassembly "toclient-chunk-size": 2534 19/1/2022 -- 15:52:05 - - stream.reassembly.raw: enabled 19/1/2022 -- 15:52:05 - - stream.reassembly "segment-prealloc": 2048 19/1/2022 -- 15:52:05 - - fast output device (regular) initialized: fast.log 19/1/2022 -- 15:52:05 - - eve-log output device (regular) initialized: eve.json 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'alert' 
19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'anomaly' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'http' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'dns' 19/1/2022 -- 15:52:05 - - eve-log dns version not set, defaulting to version 2 19/1/2022 -- 15:52:05 - - eve-log dns version not set, defaulting to version 2 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'tls' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'files' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'smtp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'ftp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'rdp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'nfs' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'smb' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'tftp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'ikev2' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'dcerpc' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'krb5' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'snmp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'rfb' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'sip' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'dhcp' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'ssh' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'mqtt' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'stats' 19/1/2022 -- 15:52:05 - - enabling 'eve-log' module 'flow' 19/1/2022 -- 15:52:05 - - stats output device (regular) initialized: stats.log 19/1/2022 -- 15:52:05 - - Delayed detect disabled 19/1/2022 -- 15:52:05 - - pattern matchers: MPM: ac, SPM: bm 19/1/2022 -- 15:52:05 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 19/1/2022 -- 15:52:05 - - grouping: udp-whitelist (default) 53, 135, 5060 19/1/2022 -- 15:52:05 - - prefilter engines: MPM 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_uri 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for 
http_uri 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_uri 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_request_line 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_client_body 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_response_line 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_header_names 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept_enc 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_accept_lang 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_referer 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_connection 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_len 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_content_type 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http.server 19/1/2022 -- 15:52:05 - - 
using shared mpm ctx' for http.location 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http.location 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_protocol 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_start 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_method 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_cookie 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for file.name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_user_agent 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_host 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_raw_host 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_stat_msg 19/1/2022 -- 15:52:05 - - using 
shared mpm ctx' for http_stat_code 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http_stat_code 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http2_header_name 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for http2_header 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dns_query 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dnp3_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.sni 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.cert_issuer 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.cert_subject 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.cert_serial 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.cert_fingerprint 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for tls.certs 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ja3.hash 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ja3.string 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ja3s.hash 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ja3s.string 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for dce_stub_data 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for smb_named_pipe 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for smb_share 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:52:05 - - using shared mpm ctx' for ssh.proto 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ssh_software 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ssh.hassh 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ssh.hassh.server 19/1/2022 -- 
15:52:06 - - using shared mpm ctx' for ssh.hassh.string 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ssh.hassh.server.string 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for file_data 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for krb5_cname 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for krb5_sname 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.uri 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.protocol 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.method 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.stat_msg 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.request_line 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for sip.response_line 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for rfb.name 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for snmp.community 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.connect.clientid 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.connect.username 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.connect.password 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.connect.willtopic 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.connect.willmessage 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.publish.topic 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.publish.message 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for mqtt.subscribe.topic 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for 
mqtt.unsubscribe.topic 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for icmpv4.hdr 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for tcp.hdr 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for udp.hdr 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for icmpv6.hdr 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ipv4.hdr 19/1/2022 -- 15:52:06 - - using shared mpm ctx' for ipv6.hdr 19/1/2022 -- 15:52:06 - - IP reputation disabled 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\botcc.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\botcc.portgrouped.rules 19/1/2022 -- 15:52:06 - - No rules loaded from botcc.portgrouped.rules. 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\ciarmy.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\compromised.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\drop.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\dshield.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-activex.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-attack_response.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-chat.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-current_events.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-dns.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-dos.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-exploit.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-ftp.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-games.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-icmp_info.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-icmp.rules 19/1/2022 -- 15:52:06 - - No rules loaded from emerging-icmp.rules. 
19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-imap.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-inappropriate.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-info.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-malware.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-misc.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-mobile_malware.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-netbios.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-p2p.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-policy.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-pop3.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-rpc.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-scada.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-scan.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-shellcode.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-smtp.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-snmp.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-sql.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-telnet.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-tftp.rules 19/1/2022 -- 15:52:06 - - Loading rule file: C:\Suricata\rules\emerging-trojan.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\emerging-user_agents.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\emerging-voip.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\emerging-web_client.rules 19/1/2022 -- 15:52:07 - - Loading rule 
file: C:\Suricata\rules\emerging-web_server.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\emerging-web_specific_apps.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\emerging-worm.rules 19/1/2022 -- 15:52:07 - - Loading rule file: C:\Suricata\rules\tor.rules 19/1/2022 -- 15:52:07 - - 44 rule files processed. 23850 rules successfully loaded, 0 rules failed 19/1/2022 -- 15:52:07 - - Threshold config parsed: 0 rule(s) found 19/1/2022 -- 15:52:07 - - using shared mpm ctx' for tcp-packet 19/1/2022 -- 15:52:07 - - using shared mpm ctx' for tcp-stream 19/1/2022 -- 15:52:07 - - using shared mpm ctx' for udp-packet 19/1/2022 -- 15:52:07 - - using shared mpm ctx' for other-ip 19/1/2022 -- 15:52:07 - - 23853 signatures processed. 1289 are IP-only rules, 4139 are inspecting packet payload, 18400 inspect application layer, 0 are decoder event only 19/1/2022 -- 15:52:07 - - building signature grouping structure, stage 1: preprocessing rules... complete 19/1/2022 -- 15:52:07 - - TCP toserver: 41 port groups, 39 unique SGH's, 2 copies 19/1/2022 -- 15:52:07 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies 19/1/2022 -- 15:52:07 - - UDP toserver: 41 port groups, 38 unique SGH's, 3 copies 19/1/2022 -- 15:52:07 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies 19/1/2022 -- 15:52:07 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies 19/1/2022 -- 15:52:07 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies 19/1/2022 -- 15:52:16 - - Unique rule groups: 118 19/1/2022 -- 15:52:16 - - Builtin MPM "toserver TCP packet": 26 19/1/2022 -- 15:52:16 - - Builtin MPM "toclient TCP packet": 20 19/1/2022 -- 15:52:16 - - Builtin MPM "toserver TCP stream": 30 19/1/2022 -- 15:52:16 - - Builtin MPM "toclient TCP stream": 21 19/1/2022 -- 15:52:16 - - Builtin MPM "toserver UDP packet": 38 19/1/2022 -- 15:52:16 - - Builtin MPM "toclient UDP packet": 16 19/1/2022 -- 15:52:16 - - Builtin MPM "other IP packet": 2 
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_uri (http)": 8
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_uri (http2)": 8
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_raw_uri (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_raw_uri (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_request_line (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_client_body (http)": 5
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_response_line (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_header (http)": 8
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_header (http)": 8
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_header_names (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_header_names (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept_enc (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept_enc (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept_lang (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_accept_lang (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_referer (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_referer (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_content_len (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_content_len (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_content_len (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_content_len (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_content_type (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_content_type (http2)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_content_type (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_content_type (http2)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_protocol (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_protocol (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_start (http)": 4
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_start (http)": 4
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_raw_header (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_raw_header (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_method (http)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_method (http2)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_cookie (http)": 3
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_cookie (http)": 3
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_cookie (http2)": 3
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_cookie (http2)": 3
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_user_agent (http)": 6
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_user_agent (http2)": 6
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_host (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_raw_host (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver http_raw_host (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_stat_code (http)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient http_stat_code (http2)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver dns_query (dns)": 4
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver tls.sni (tls)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 5
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver file_data (smtp)": 7
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient file_data (http)": 7
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver file_data (smb)": 7
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient file_data (smb)": 7
19/1/2022 -- 15:52:16 - - AppLayer MPM "toserver file_data (http2)": 7
19/1/2022 -- 15:52:16 - - AppLayer MPM "toclient file_data (http2)": 7
19/1/2022 -- 15:52:17 - - AutoFP mode using "Hash" flow load balancer
19/1/2022 -- 15:52:17 - - using 1 flow manager threads
19/1/2022 -- 15:52:17 - - using 1 flow recycler threads
19/1/2022 -- 15:52:17 - - all 10 packet processing threads, 4 management threads initialized, engine started.
19/1/2022 -- 15:52:43 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 87 (0x00000057): The parameter is incorrect. The WinDivert packet filter string is invalid.
19/1/2022 -- 15:52:43 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed
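The run ends with a non-fatal WinDivert error (Win32 error 87, ERROR_INVALID_PARAMETER, which Suricata reports as an invalid WinDivert filter string) immediately followed by SC_ERR_FATAL from the capture thread, even though "engine started" was already logged. As an added example, not part of the original post and not Suricata's or WinDivert's own code, the Python script below triages a Suricata startup log paste of this kind: it splits entries that were run together onto one line, extracts the Suricata ERRCODE names and numbers and the Win32 error behind a failed API call, and reports whether the engine started and which error preceded the fatal one. The sample text is constructed from the entries above (with the French Win32 message translated); the regexes and the shape of the `triage` summary are this script's own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a paste where several Suricata 6.0.3 log entries landed on one
# line, as happens when log output is copied into a forum post. The entries are the
# ones from the log above; the French Win32 message is given in English.
RAW_PASTE = (
    '19/1/2022 -- 15:52:17 - - AutoFP mode using "Hash" flow load balancer '
    '19/1/2022 -- 15:52:17 - - all 10 packet processing threads, 4 management threads '
    'initialized, engine started. '
    '19/1/2022 -- 15:52:43 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, '
    'error 87 (0x00000057): The parameter is incorrect. The WinDivert packet filter string is invalid. '
    '19/1/2022 -- 15:52:43 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed'
)

# Timestamp as written by the Windows build: "19/1/2022 -- 15:52:43", then " - - ".
TS = r'\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}'
ENTRY_SPLIT_RE = re.compile(r'\s+(?=' + TS + r' - - )')
ENTRY_RE = re.compile(r'^(?P<ts>' + TS + r') - - (?P<msg>.*)$')
# Suricata error prefix: "[ERRCODE: SC_ERR_FATAL(171)] - <text>".
ERRCODE_RE = re.compile(r'^\[ERRCODE: (?P<name>[A-Z0-9_]+)\((?P<num>\d+)\)\] - (?P<text>.*)$')
# Win32 error as printed by Suricata's Windows capture code: "error 87 (0x00000057)".
WIN32_RE = re.compile(r'\berror (?P<dec>\d+) \(0x(?P<hex>[0-9A-Fa-f]{8})\)')


@dataclass
class Entry:
    ts: str
    msg: str
    err_name: Optional[str] = None   # SC_ERR_* name, if the entry is an error
    err_num: Optional[int] = None    # numeric ERRCODE, if any


def split_entries(blob: str) -> list[str]:
    """Return one log entry per element, even if the paste ran them onto one line."""
    return [e for e in ENTRY_SPLIT_RE.split(blob.strip()) if e]


def parse(blob: str) -> list[Entry]:
    """Parse every recognisable Suricata entry; lines that are not entries are skipped."""
    entries: list[Entry] = []
    for line in split_entries(blob):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = Entry(m.group('ts'), m.group('msg'))
        em = ERRCODE_RE.match(entry.msg)
        if em:
            entry.err_name = em.group('name')
            entry.err_num = int(em.group('num'))
            entry.msg = em.group('text')
        entries.append(entry)
    return entries


def triage(blob: str) -> dict:
    """Summarise a startup log: did the engine start, what failed, and the Win32 error behind it."""
    entries = parse(blob)
    started = any(e.err_name is None and 'engine started' in e.msg for e in entries)
    fatal = [e for e in entries if e.err_name == 'SC_ERR_FATAL']
    errors = [e for e in entries if e.err_name and e.err_name != 'SC_ERR_FATAL']
    win32 = None
    for e in errors:
        wm = WIN32_RE.search(e.msg)
        if wm:
            win32 = int(wm.group('dec'))
            break
    return {
        'engine_started': started,
        'fatal': [e.msg for e in fatal],
        'errors': [(e.err_name, e.err_num, e.msg) for e in errors],
        'win32_error': win32,
        # SC_ERR_FATAL only says which thread died; the cause is the error logged just before it.
        'root_cause': errors[-1].msg if (errors and fatal) else None,
    }


if __name__ == '__main__':
    import json
    print(json.dumps(triage(RAW_PASTE), indent=2))
```

Running the script on the sample reports `engine_started: true`, a single fatal entry (`thread TX#00 failed`), Win32 error 87 and the WinDivert filter-string message as the root cause, which is the reading a practitioner should take from the log above: the engine came up, but the WinDivert capture thread could not open its handle because the filter string passed to Suricata did not compile, so the whole run aborted.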
