27/2/2021 -- 19:45:03 - - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode
27/2/2021 -- 19:45:03 - - CPUs/cores online: 16
27/2/2021 -- 19:45:03 - - Adding interface enp2s0f1 from config file
27/2/2021 -- 19:45:03 - - luajit states preallocated: 128
27/2/2021 -- 19:45:03 - - 'default' server has 'request-body-minimal-inspect-size' set to 32830 and 'request-body-inspect-window' set to 3988 after randomization.
27/2/2021 -- 19:45:03 - - 'default' server has 'response-body-minimal-inspect-size' set to 41702 and 'response-body-inspect-window' set to 16390 after randomization.
27/2/2021 -- 19:45:03 - - SMB stream depth: 0
27/2/2021 -- 19:45:03 - - Protocol detection and parser disabled for modbus protocol.
27/2/2021 -- 19:45:03 - - Protocol detection and parser disabled for enip protocol.
27/2/2021 -- 19:45:03 - - Protocol detection and parser disabled for DNP3.
27/2/2021 -- 19:45:03 - - Found an MTU of 1500 for 'enp2s0f1'
27/2/2021 -- 19:45:03 - - Found an MTU of 1500 for 'enp2s0f1'
27/2/2021 -- 19:45:03 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
27/2/2021 -- 19:45:03 - - preallocated 1000 hosts of size 136
27/2/2021 -- 19:45:03 - - host memory usage: 398144 bytes, maximum: 33554432
27/2/2021 -- 19:45:03 - - Core dump size set to unlimited.
27/2/2021 -- 19:45:03 - - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
27/2/2021 -- 19:45:03 - - preallocated 65535 defrag trackers of size 160
27/2/2021 -- 19:45:03 - - defrag memory usage: 14155616 bytes, maximum: 2147483648
27/2/2021 -- 19:45:03 - - flow size 320, memcap allows for 419430 flows. Per hash row in perfect conditions 6
27/2/2021 -- 19:45:03 - - stream "prealloc-sessions": 2048 (per thread)
27/2/2021 -- 19:45:03 - - stream "memcap": 8589934592
27/2/2021 -- 19:45:03 - - stream "midstream" session pickups: disabled
27/2/2021 -- 19:45:03 - - stream "async-oneside": disabled
27/2/2021 -- 19:45:03 - - stream "checksum-validation": enabled
27/2/2021 -- 19:45:03 - - stream."inline": disabled
27/2/2021 -- 19:45:03 - - stream "bypass": disabled
27/2/2021 -- 19:45:03 - - stream "max-synack-queued": 5
27/2/2021 -- 19:45:03 - - stream.reassembly "memcap": 16106127360
27/2/2021 -- 19:45:03 - - stream.reassembly "depth": 6291456
27/2/2021 -- 19:45:03 - - stream.reassembly "toserver-chunk-size": 2670
27/2/2021 -- 19:45:03 - - stream.reassembly "toclient-chunk-size": 2539
27/2/2021 -- 19:45:03 - - stream.reassembly.raw: enabled
27/2/2021 -- 19:45:03 - - stream.reassembly "segment-prealloc": 2048
27/2/2021 -- 19:45:03 - - fast output device (regular) initialized: fast.log
27/2/2021 -- 19:45:03 - - eve-log output device (regular) initialized: eve.json
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'alert'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'anomaly'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'http'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'dns'
27/2/2021 -- 19:45:03 - - eve-log dns version not set, defaulting to version 2
27/2/2021 -- 19:45:03 - - eve-log dns version not set, defaulting to version 2
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'tls'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'files'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'smtp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'ftp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'rdp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'nfs'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'smb'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'tftp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'ikev2'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'dcerpc'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'krb5'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'snmp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'rfb'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'sip'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'dhcp'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'ssh'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'mqtt'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'stats'
27/2/2021 -- 19:45:03 - - enabling 'eve-log' module 'flow'
27/2/2021 -- 19:45:03 - - stats output device (regular) initialized: stats.log
27/2/2021 -- 19:45:03 - - Delayed detect disabled
27/2/2021 -- 19:45:03 - - Running in live mode, activating unix socket
27/2/2021 -- 19:45:03 - - pattern matchers: MPM: hs, SPM: hs
27/2/2021 -- 19:45:03 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
27/2/2021 -- 19:45:03 - - grouping: udp-whitelist (default) 53, 135, 5060
27/2/2021 -- 19:45:03 - - prefilter engines: MPM
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_uri
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_raw_uri
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_request_line
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_client_body
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_response_line
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_header_names
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_header_names
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_accept
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_accept_enc
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_accept_lang
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_referer
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_connection
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_content_len
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_content_len
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_content_type
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_content_type
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http.server
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http.location
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_protocol
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_protocol
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_start
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_start
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_raw_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_raw_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_method
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_cookie
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_cookie
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file.magic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_user_agent
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_host
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_raw_host
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_stat_msg
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http_stat_code
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http2_header_name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http2_header_name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http2_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for http2_header
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dns_query
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dnp3_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dnp3_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.sni
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.cert_issuer
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.cert_subject
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.cert_serial
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.cert_fingerprint
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tls.certs
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ja3.hash
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ja3.string
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ja3s.hash
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ja3s.string
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for smb_named_pipe
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for smb_share
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.proto
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.proto
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh_software
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh_software
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.hassh
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.hassh.server
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.hassh.string
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ssh.hassh.server.string
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for file_data
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for krb5_cname
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for krb5_sname
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.method
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.uri
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.protocol
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.protocol
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.method
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.stat_msg
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.request_line
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for sip.response_line
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for rfb.name
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for snmp.community
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for snmp.community
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.connect.clientid
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.connect.username
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.connect.password
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.connect.willtopic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.connect.willmessage
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.publish.topic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.publish.message
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.subscribe.topic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for mqtt.unsubscribe.topic
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for icmpv4.hdr
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for tcp.hdr
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for udp.hdr
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for icmpv6.hdr
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ipv4.hdr
27/2/2021 -- 19:45:03 - - using shared mpm ctx' for ipv6.hdr
27/2/2021 -- 19:45:03 - - IP reputation disabled
27/2/2021 -- 19:45:03 - - Loading rule file: /var/lib/suricata/rules/suricata.rules
27/2/2021 -- 19:45:12 - - 1 rule files processed. 24868 rules successfully loaded, 0 rules failed
27/2/2021 -- 19:45:12 - - Threshold config parsed: 0 rule(s) found
27/2/2021 -- 19:45:12 - - using shared mpm ctx' for tcp-packet
27/2/2021 -- 19:45:12 - - using shared mpm ctx' for tcp-stream
27/2/2021 -- 19:45:12 - - using shared mpm ctx' for udp-packet
27/2/2021 -- 19:45:12 - - using shared mpm ctx' for other-ip
27/2/2021 -- 19:45:12 - - 24871 signatures processed. 1331 are IP-only rules, 3822 are inspecting packet payload, 19660 inspect application layer, 0 are decoder event only
27/2/2021 -- 19:45:12 - - building signature grouping structure, stage 1: preprocessing rules... complete
27/2/2021 -- 19:45:12 - - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
27/2/2021 -- 19:45:13 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
27/2/2021 -- 19:45:13 - - UDP toserver: 41 port groups, 36 unique SGH's, 5 copies
27/2/2021 -- 19:45:13 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
27/2/2021 -- 19:45:13 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
27/2/2021 -- 19:45:13 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
27/2/2021 -- 19:45:23 - - Unique rule groups: 112
27/2/2021 -- 19:45:23 - - Builtin MPM "toserver TCP packet": 27
27/2/2021 -- 19:45:23 - - Builtin MPM "toclient TCP packet": 20
27/2/2021 -- 19:45:23 - - Builtin MPM "toserver TCP stream": 24
27/2/2021 -- 19:45:23 - - Builtin MPM "toclient TCP stream": 21
27/2/2021 -- 19:45:23 - - Builtin MPM "toserver UDP packet": 36
27/2/2021 -- 19:45:23 - - Builtin MPM "toclient UDP packet": 16
27/2/2021 -- 19:45:23 - - Builtin MPM "other IP packet": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_uri (http)": 12
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_raw_uri (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_request_line (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_client_body (http)": 5
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_response_line (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_header (http)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_header (http)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_header_names (http)": 3
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_header_names (http)": 3
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_accept (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_accept_enc (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_referer (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_connection (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_content_len (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_content_len (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_content_type (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_content_type (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http.server (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http.location (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_protocol (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_protocol (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_start (http)": 4
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_start (http)": 4
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_raw_header (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_raw_header (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_method (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_cookie (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_cookie (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_user_agent (http)": 5
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_host (http)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver http_host (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient http_stat_code (http)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver dns_query (dns)": 4
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver dns_query (dns)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver tls.sni (tls)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver tls.sni (tls)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient tls.cert_subject (tls)": 2
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver ja3.hash (tls)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient ja3s.hash (tls)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver ssh.proto (ssh)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient ssh.proto (ssh)": 1
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver file_data (smtp)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient file_data (http)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver file_data (smb)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient file_data (smb)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toserver file_data (http2)": 6
27/2/2021 -- 19:45:23 - - AppLayer MPM "toclient file_data (http2)": 6
27/2/2021 -- 19:45:34 - - Found affinity definition for "management-cpu-set"
27/2/2021 -- 19:45:34 - - Using default prio 'low' for set 'management-cpu-set'
27/2/2021 -- 19:45:34 - - Found affinity definition for "receive-cpu-set"
27/2/2021 -- 19:45:34 - - Found affinity definition for "worker-cpu-set"
27/2/2021 -- 19:45:34 - - Using default prio 'high' for set 'worker-cpu-set'
27/2/2021 -- 19:45:34 - - Enabling tpacket v3 capture on iface enp2s0f1
27/2/2021 -- 19:45:34 - - Using flow cluster mode for AF_PACKET (iface enp2s0f1)
27/2/2021 -- 19:45:34 - - Using defrag kernel functionality for AF_PACKET (iface enp2s0f1)
27/2/2021 -- 19:45:34 - - enp2s0f1: disabling gro offloading
27/2/2021 -- 19:45:34 - - enp2s0f1: disabling gso offloading
27/2/2021 -- 19:45:34 - - enp2s0f1: disabling sg offloading
27/2/2021 -- 19:45:34 - - enp2s0f1: enabling zero copy mode by using data release call
27/2/2021 -- 19:45:34 - - Going to use 16 thread(s)
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#01-enp2s0f1" to cpu/core 0, thread id 4345
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#02-enp2s0f1" to cpu/core 1, thread id 4346
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#03-enp2s0f1" to cpu/core 2, thread id 4347
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#04-enp2s0f1" to cpu/core 3, thread id 4348
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#05-enp2s0f1" to cpu/core 4, thread id 4349
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#06-enp2s0f1" to cpu/core 5, thread id 4350
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#07-enp2s0f1" to cpu/core 6, thread id 4351
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#08-enp2s0f1" to cpu/core 7, thread id 4352
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#09-enp2s0f1" to cpu/core 8, thread id 4353
27/2/2021 -- 19:45:34 - - Setting prio -2 for thread "W#10-enp2s0f1" to cpu/core 9, thread id 4354
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#11-enp2s0f1" to cpu/core 10, thread id 4355
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#12-enp2s0f1" to cpu/core 11, thread id 4356
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#13-enp2s0f1" to cpu/core 12, thread id 4357
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#14-enp2s0f1" to cpu/core 13, thread id 4358
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#15-enp2s0f1" to cpu/core 14, thread id 4359
27/2/2021 -- 19:45:35 - - Setting prio -2 for thread "W#16-enp2s0f1" to cpu/core 15, thread id 4360
27/2/2021 -- 19:45:35 - - using 1 flow manager threads
27/2/2021 -- 19:45:35 - - Setting prio 2 for thread "FM#01", thread id 4361
27/2/2021 -- 19:45:35 - - using 1 flow recycler threads
27/2/2021 -- 19:45:35 - - Setting prio 2 for thread "FR#01", thread id 4362
27/2/2021 -- 19:45:35 - - Setting prio 2 for thread "CW", thread id 4363
27/2/2021 -- 19:45:35 - - Setting prio 2 for thread "CS", thread id 4364
27/2/2021 -- 19:45:35 - - Running in live mode, activating unix socket
27/2/2021 -- 19:45:35 - - Using unix socket file '/var/run/suricata/suricata-command.socket'
27/2/2021 -- 19:45:35 - - Setting prio 2 for thread "US", thread id 4365
27/2/2021 -- 19:45:35 - - all 16 packet processing threads, 4 management threads initialized, engine started.
27/2/2021 -- 19:45:35 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:35 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:35 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:35 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:36 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768)
27/2/2021 -- 19:45:37 - - All AFP capture threads are running.
27/2/2021 -- 20:00:41 - - Signal Received. Stopping engine.
27/2/2021 -- 20:00:41 - - Exiting AFP V3 read loop
27/2/2021 -- 20:00:41 - - Exiting AFP V3 read loop
27/2/2021 -- 20:00:41 - - Exiting AFP V3 read loop
27/2/2021 -- 20:00:41 - - Exiting AFP V3 read loop
27/2/2021 -- 20:00:41 - - Exiting AFP V3 read loop
27/2/2021 -- 20:00:41 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
27/2/2021 -- 20:00:41 - - time elapsed 907.248s
27/2/2021 -- 20:00:45 - - 383963 flows processed
27/2/2021 -- 20:00:45 - - (W#01-enp2s0f1) Kernel: Packets 505639, dropped 0
27/2/2021 -- 20:00:45 - - (W#02-enp2s0f1) Kernel: Packets 234220, dropped 0
27/2/2021 -- 20:00:45 - - (W#03-enp2s0f1) Kernel: Packets 1729684, dropped 0
27/2/2021 -- 20:00:45 - - (W#04-enp2s0f1) Kernel: Packets 310868, dropped 0
27/2/2021 -- 20:00:45 - - (W#05-enp2s0f1) Kernel: Packets 189628, dropped 0
27/2/2021 -- 20:00:45 - - (W#06-enp2s0f1) Kernel: Packets 219331, dropped 0
27/2/2021 -- 20:00:45 - - (W#07-enp2s0f1) Kernel: Packets 246389, dropped 0
27/2/2021 -- 20:00:45 - - (W#08-enp2s0f1) Kernel: Packets 222278, dropped 0
27/2/2021 -- 20:00:45 - - (W#09-enp2s0f1) Kernel: Packets 1284760, dropped 0
27/2/2021 -- 20:00:45 - - (W#10-enp2s0f1) Kernel: Packets 335247, dropped 0
27/2/2021 -- 20:00:45 - - (W#11-enp2s0f1) Kernel: Packets 429834, dropped 0
27/2/2021 -- 20:00:45 - - (W#12-enp2s0f1) Kernel: Packets 194227, dropped 0
27/2/2021 -- 20:00:45 - - (W#13-enp2s0f1) Kernel: Packets 229585, dropped 0
27/2/2021 -- 20:00:45 - - (W#14-enp2s0f1) Kernel: Packets 206671, dropped 0
27/2/2021 -- 20:00:46 - - (W#15-enp2s0f1) Kernel: Packets 187869, dropped 0
27/2/2021 -- 20:00:46 - - (W#16-enp2s0f1) Kernel: Packets 547485, dropped 0
27/2/2021 -- 20:00:46 - - Alerts: 5487
27/2/2021 -- 20:00:46 - - ippair memory usage: 414144 bytes, maximum: 16777216
27/2/2021 -- 20:00:46 - - host memory usage: 482736 bytes, maximum: 33554432
27/2/2021 -- 20:00:46 - - cleaning up signature grouping structure... complete
27/2/2021 -- 20:00:46 - - Stats for 'enp2s0f1': pkts: 7073715, drop: 0 (0.00%), invalid chksum: 236
27/2/2021 -- 20:00:46 - - enp2s0f1: restoring gro offloading
27/2/2021 -- 20:00:46 - - enp2s0f1: restoring gso offloading
27/2/2021 -- 20:00:46 - - enp2s0f1: restoring sg offloading
27/2/2021 -- 20:00:46 - - Cleaning up Hyperscan global scratch
27/2/2021 -- 20:00:46 - - Clearing Hyperscan database cache
27/2/2021 -- 20:00:49 - - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode
27/2/2021 -- 20:00:49 - - CPUs/cores online: 16
27/2/2021 -- 20:00:49 - - Adding interface enp2s0f1 from config file
27/2/2021 -- 20:00:49 - - luajit states preallocated: 128
27/2/2021 -- 20:00:49 - - 'default' server has 'request-body-minimal-inspect-size' set to 31681 and 'request-body-inspect-window' set to 3939 after randomization.
27/2/2021 -- 20:00:49 - - 'default' server has 'response-body-minimal-inspect-size' set to 40703 and 'response-body-inspect-window' set to 15940 after randomization.
27/2/2021 -- 20:00:49 - - SMB stream depth: 0
27/2/2021 -- 20:00:49 - - Protocol detection and parser disabled for modbus protocol.
27/2/2021 -- 20:00:49 - - Protocol detection and parser disabled for enip protocol.
27/2/2021 -- 20:00:49 - - Protocol detection and parser disabled for DNP3.
27/2/2021 -- 20:00:49 - - Found an MTU of 1500 for 'enp2s0f1'
27/2/2021 -- 20:00:49 - - Found an MTU of 1500 for 'enp2s0f1'
27/2/2021 -- 20:00:49 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
27/2/2021 -- 20:00:49 - - preallocated 1000 hosts of size 136
27/2/2021 -- 20:00:49 - - host memory usage: 398144 bytes, maximum: 33554432
27/2/2021 -- 20:00:49 - - Core dump size set to unlimited.
27/2/2021 -- 20:00:49 - - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
27/2/2021 -- 20:00:49 - - preallocated 65535 defrag trackers of size 160
27/2/2021 -- 20:00:49 - - defrag memory usage: 14155616 bytes, maximum: 2147483648
27/2/2021 -- 20:00:49 - - flow size 320, memcap allows for 419430 flows. Per hash row in perfect conditions 6
27/2/2021 -- 20:00:49 - - stream "prealloc-sessions": 2048 (per thread)
27/2/2021 -- 20:00:49 - - stream "memcap": 8589934592
27/2/2021 -- 20:00:49 - - stream "midstream" session pickups: disabled
27/2/2021 -- 20:00:49 - - stream "async-oneside": disabled
27/2/2021 -- 20:00:49 - - stream "checksum-validation": enabled
27/2/2021 -- 20:00:49 - - stream."inline": disabled
27/2/2021 -- 20:00:49 - - stream "bypass": disabled
27/2/2021 -- 20:00:49 - - stream "max-synack-queued": 5
27/2/2021 -- 20:00:49 - - stream.reassembly "memcap": 16106127360
27/2/2021 -- 20:00:49 - - stream.reassembly "depth": 6291456
27/2/2021 -- 20:00:49 - - stream.reassembly "toserver-chunk-size": 2654
27/2/2021 -- 20:00:49 - - stream.reassembly "toclient-chunk-size": 2580
27/2/2021 -- 20:00:49 - - stream.reassembly.raw: enabled
27/2/2021 -- 20:00:49 - - stream.reassembly "segment-prealloc": 2048
27/2/2021 -- 20:00:49 - - fast output device (regular) initialized: fast.log
27/2/2021 -- 20:00:49 - - eve-log output device (regular) initialized: eve.json
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'alert'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'anomaly'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'http'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'dns'
27/2/2021 -- 20:00:49 - - eve-log dns version not set, defaulting to version 2
27/2/2021 -- 20:00:49 - - eve-log dns version not set, defaulting to version 2
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'tls'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'files'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'smtp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'ftp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'rdp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'nfs'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'smb'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'tftp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'ikev2'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'dcerpc'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'krb5'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'snmp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'rfb'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'sip'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'dhcp'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'ssh'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'mqtt'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'stats'
27/2/2021 -- 20:00:49 - - enabling 'eve-log' module 'flow'
27/2/2021 -- 20:00:49 - - stats output device (regular) initialized: stats.log
27/2/2021 -- 20:00:49 - - Delayed detect disabled
27/2/2021 -- 20:00:49 - - Running in live mode, activating unix socket
27/2/2021 -- 20:00:49 - - pattern matchers: MPM: hs, SPM: hs
27/2/2021 -- 20:00:49 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
27/2/2021 -- 20:00:49 - - grouping: udp-whitelist (default) 53, 135, 5060
27/2/2021 -- 20:00:49 - - prefilter engines: MPM
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_uri
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_raw_uri
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_request_line
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_client_body
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_response_line
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_header_names
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_header_names
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_accept
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_accept_enc
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_accept_lang
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_referer
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_connection
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_content_len
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_content_len
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_content_type
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_content_type
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http.server
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http.location
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_protocol
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_protocol
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_start
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_start
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_raw_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_raw_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_method
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_cookie
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_cookie
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file.magic
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_user_agent
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_host
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_raw_host
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_stat_msg
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http_stat_code
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http2_header_name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http2_header_name
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http2_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for http2_header
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dns_query
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dnp3_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dnp3_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.sni
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.cert_issuer
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.cert_subject
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.cert_serial
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.cert_fingerprint
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tls.certs
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ja3.hash
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ja3.string
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ja3s.hash
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ja3s.string
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for dce_stub_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for smb_named_pipe
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for smb_share
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.proto
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.proto
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh_software
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh_software
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.hassh
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.hassh.server
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.hassh.string
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ssh.hassh.server.string
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for file_data
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for krb5_cname
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for krb5_sname
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.method
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.uri
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.protocol
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.protocol
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.method
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.stat_msg
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.request_line
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for sip.response_line
27/2/2021 -- 20:00:49 - - using shared mpm ctx' for rfb.name 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for snmp.community 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for snmp.community 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.connect.clientid 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.connect.username 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.connect.password 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.connect.willtopic 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.connect.willmessage 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.publish.topic 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.publish.message 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.subscribe.topic 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for mqtt.unsubscribe.topic 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for icmpv4.hdr 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for tcp.hdr 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for udp.hdr 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for icmpv6.hdr 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ipv4.hdr 27/2/2021 -- 20:00:49 - - using shared mpm ctx' for ipv6.hdr 27/2/2021 -- 20:00:49 - - IP reputation disabled 27/2/2021 -- 20:00:49 - - Loading rule file: /var/lib/suricata/rules/suricata.rules 27/2/2021 -- 20:00:58 - - 1 rule files processed. 24868 rules successfully loaded, 0 rules failed 27/2/2021 -- 20:00:58 - - Threshold config parsed: 0 rule(s) found 27/2/2021 -- 20:00:59 - - using shared mpm ctx' for tcp-packet 27/2/2021 -- 20:00:59 - - using shared mpm ctx' for tcp-stream 27/2/2021 -- 20:00:59 - - using shared mpm ctx' for udp-packet 27/2/2021 -- 20:00:59 - - using shared mpm ctx' for other-ip 27/2/2021 -- 20:00:59 - - 24871 signatures processed. 
1331 are IP-only rules, 3822 are inspecting packet payload, 19660 inspect application layer, 0 are decoder event only 27/2/2021 -- 20:00:59 - - building signature grouping structure, stage 1: preprocessing rules... complete 27/2/2021 -- 20:00:59 - - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies 27/2/2021 -- 20:00:59 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies 27/2/2021 -- 20:00:59 - - UDP toserver: 41 port groups, 36 unique SGH's, 5 copies 27/2/2021 -- 20:00:59 - - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies 27/2/2021 -- 20:00:59 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies 27/2/2021 -- 20:00:59 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies 27/2/2021 -- 20:01:09 - - Unique rule groups: 112 27/2/2021 -- 20:01:09 - - Builtin MPM "toserver TCP packet": 27 27/2/2021 -- 20:01:09 - - Builtin MPM "toclient TCP packet": 20 27/2/2021 -- 20:01:09 - - Builtin MPM "toserver TCP stream": 24 27/2/2021 -- 20:01:09 - - Builtin MPM "toclient TCP stream": 21 27/2/2021 -- 20:01:09 - - Builtin MPM "toserver UDP packet": 36 27/2/2021 -- 20:01:09 - - Builtin MPM "toclient UDP packet": 16 27/2/2021 -- 20:01:09 - - Builtin MPM "other IP packet": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_uri (http)": 12 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_raw_uri (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_request_line (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_client_body (http)": 5 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_response_line (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_header (http)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_header (http)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_header_names (http)": 3 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_header_names (http)": 3 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_accept (http)": 2 27/2/2021 -- 20:01:09 - - 
AppLayer MPM "toserver http_accept_enc (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_referer (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_connection (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_content_len (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_content_len (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_content_type (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_content_type (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http.server (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http.location (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_protocol (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_protocol (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_start (http)": 4 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_start (http)": 4 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_raw_header (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_raw_header (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_method (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_cookie (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_cookie (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_user_agent (http)": 5 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_host (http)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver http_host (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient http_stat_code (http)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver dns_query (dns)": 4 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver dns_query (dns)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver tls.sni (tls)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver tls.sni (tls)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient tls.cert_issuer (tls)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient 
tls.cert_subject (tls)": 2 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient tls.cert_serial (tls)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver ja3.hash (tls)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient ja3s.hash (tls)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver ssh.proto (ssh)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient ssh.proto (ssh)": 1 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver file_data (smtp)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient file_data (http)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver file_data (smb)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient file_data (smb)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toserver file_data (http2)": 6 27/2/2021 -- 20:01:09 - - AppLayer MPM "toclient file_data (http2)": 6 27/2/2021 -- 20:01:21 - - Found affinity definition for "management-cpu-set" 27/2/2021 -- 20:01:21 - - Using default prio 'low' for set 'management-cpu-set' 27/2/2021 -- 20:01:21 - - Found affinity definition for "receive-cpu-set" 27/2/2021 -- 20:01:21 - - Found affinity definition for "worker-cpu-set" 27/2/2021 -- 20:01:21 - - Using default prio 'high' for set 'worker-cpu-set' 27/2/2021 -- 20:01:21 - - Enabling tpacket v3 capture on iface enp2s0f1 27/2/2021 -- 20:01:21 - - Using flow cluster mode for AF_PACKET (iface enp2s0f1) 27/2/2021 -- 20:01:21 - - Using defrag kernel functionality for AF_PACKET (iface enp2s0f1) 27/2/2021 -- 20:01:21 - - enp2s0f1: disabling gro offloading 27/2/2021 -- 20:01:21 - - enp2s0f1: disabling gso offloading 27/2/2021 -- 20:01:21 - - enp2s0f1: disabling sg offloading 27/2/2021 -- 20:01:21 - - enp2s0f1: enabling zero copy mode by using data release call 27/2/2021 -- 20:01:21 - - Going to use 16 thread(s) 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#01-enp2s0f1" to cpu/core 0, thread id 6563 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#02-enp2s0f1" to cpu/core 1, thread id 6564 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread 
"W#03-enp2s0f1" to cpu/core 2, thread id 6565 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#04-enp2s0f1" to cpu/core 3, thread id 6566 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#05-enp2s0f1" to cpu/core 4, thread id 6567 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#06-enp2s0f1" to cpu/core 5, thread id 6568 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#07-enp2s0f1" to cpu/core 6, thread id 6569 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#08-enp2s0f1" to cpu/core 7, thread id 6570 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#09-enp2s0f1" to cpu/core 8, thread id 6571 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#10-enp2s0f1" to cpu/core 9, thread id 6572 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#11-enp2s0f1" to cpu/core 10, thread id 6573 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#12-enp2s0f1" to cpu/core 11, thread id 6574 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#13-enp2s0f1" to cpu/core 12, thread id 6575 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#14-enp2s0f1" to cpu/core 13, thread id 6576 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#15-enp2s0f1" to cpu/core 14, thread id 6577 27/2/2021 -- 20:01:21 - - Setting prio -2 for thread "W#16-enp2s0f1" to cpu/core 15, thread id 6578 27/2/2021 -- 20:01:21 - - using 1 flow manager threads 27/2/2021 -- 20:01:21 - - Setting prio 2 for thread "FM#01", thread id 6579 27/2/2021 -- 20:01:21 - - using 1 flow recycler threads 27/2/2021 -- 20:01:21 - - Setting prio 2 for thread "FR#01", thread id 6580 27/2/2021 -- 20:01:21 - - Setting prio 2 for thread "CW", thread id 6581 27/2/2021 -- 20:01:21 - - Setting prio 2 for thread "CS", thread id 6582 27/2/2021 -- 20:01:21 - - Running in live mode, activating unix socket 27/2/2021 -- 20:01:21 - - Using unix socket file '/var/run/suricata/suricata-command.socket' 27/2/2021 -- 20:01:21 - - Setting prio 2 for thread "US", thread id 6583 27/2/2021 -- 
20:01:21 - - all 16 packet processing threads, 4 management threads initialized, engine started. 27/2/2021 -- 20:01:21 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:21 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:22 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 
491552768) 27/2/2021 -- 20:01:23 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:24 - - AF_PACKET V3 RX Ring params: block_size=32768 block_nr=15001 frame_size=1616 frame_nr=300020 (mem: 491552768) 27/2/2021 -- 20:01:24 - - All AFP capture threads are running.