root@RPI:/var/log/suricata# cat suricata.log
[22937 - Suricata-Main] 2024-02-23 13:42:38 Notice: detect: rule reload starting
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Reloading /etc/suricata/suricata.yaml
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: pattern matchers: MPM: ac, SPM: bm
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: grouping: udp-whitelist (default) 53, 135, 5060
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: prefilter engines: MPM
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: reputation: IP reputation disabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/3coresec.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/CVE-2020-14750.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/app-layer-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/botcc.portgrouped.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/botcc.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/ciarmy.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/compromised.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/decoder-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/dhcp-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/dnp3-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect-parse: protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect: error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Request flood detected"; app-layer-event:dnp3.flooded; classtype:protocol-command-decode; sid:2270000; rev:2;)" from file /etc/suricata/rules/dnp3-events.rules at line 7
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect-parse: protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect: error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Length too small"; app-layer-event:dnp3.len_too_small; classtype:protocol-command-decode; sid:2270001; rev:3;)" from file /etc/suricata/rules/dnp3-events.rules at line 13
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect-parse: protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect: error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad link CRC"; app-layer-event:dnp3.bad_link_crc; classtype:protocol-command-decode; sid:2270002; rev:2;)" from file /etc/suricata/rules/dnp3-events.rules at line 17
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect-parse: protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect: error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad transport CRC"; app-layer-event:dnp3.bad_transport_crc; classtype:protocol-command-decode; sid:2270003; rev:2;)" from file /etc/suricata/rules/dnp3-events.rules at line 21
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect-parse: protocol "dnp3" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.dnp3.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:38 Error: detect: error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Unknown object"; app-layer-event:dnp3.unknown_object; classtype:protocol-command-decode; sid:2270004; rev:2;)" from file /etc/suricata/rules/dnp3-events.rules at line 25
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/dns-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/drop.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/dshield.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/emerging-activex.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/emerging-adware_pup.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/emerging-attack_response.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/emerging-chat.rules
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001805 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001241 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001242 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001243 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001260 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2001259 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Info: detect-parse: Rule with ID 2009375 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:38 Config: detect: Loading rule file: /etc/suricata/rules/emerging-coinminer.rules
[22937 - Suricata-Main] 2024-02-23 13:42:39 Config: detect: Loading rule file: /etc/suricata/rules/emerging-current_events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:39 Config: detect: Loading rule file: /etc/suricata/rules/emerging-deleted.rules
[22937 - Suricata-Main] 2024-02-23 13:42:39 Info: detect-parse: Rule with ID 2101854 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:39 Info: detect-parse: Rule with ID 2101855 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:39 Info: detect-parse: Rule with ID 2101856 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:39 Error: detect-bytetest: Malformed bitmask value: fc
[22937 - Suricata-Main] 2024-02-23 13:42:39 Error: detect: error parsing signature "alert tcp any any -> any 44818 (msg:"ET DELETED [Rockwell/CISA] ENIP CIP Socket Object unconnected readwith unusual length detected"; flow:established,to_server; content:"|42 03|"; fast_pattern; content:"|6F 00|"; depth:2; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_jump:1,0,relative,multiplier 2; byte_test:4,>,0x7FFFFFFF,4,relative,little; content:"|B2 00|"; offset:30; depth:90; content:"|4D|"; within:1; distance:2; byte_extract:1,0,toss,relative,multiplier 2; content:"|42 03|"; within:toss; byte_test:1,=,8,-4,relative,bitmask fc; reference:cve,2023-3595; reference:cve,2023-3596; classtype:attempted-admin; sid:2046878; rev:2; metadata:created_at 2023_07_20, former_category SCADA, updated_at 2023_07_20;)" from file /etc/suricata/rules/emerging-deleted.rules at line 6917
[22937 - Suricata-Main] 2024-02-23 13:42:39 Config: detect: Loading rule file: /etc/suricata/rules/emerging-dns.rules
[22937 - Suricata-Main] 2024-02-23 13:42:39 Config: detect: Loading rule file: /etc/suricata/rules/emerging-dos.rules
[22937 - Suricata-Main] 2024-02-23 13:42:39 Config: detect: Loading rule file: /etc/suricata/rules/emerging-exploit.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-exploit_kit.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-ftp.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-games.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-hunting.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-icmp.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-icmp_info.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-imap.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules
[22937 - Suricata-Main] 2024-02-23 13:42:40 Config: detect: Loading rule file: /etc/suricata/rules/emerging-info.rules
[22937 - Suricata-Main] 2024-02-23 13:42:41 Config: detect: Loading rule file: /etc/suricata/rules/emerging-ja3.rules
[22937 - Suricata-Main] 2024-02-23 13:42:41 Config: detect: Loading rule file: /etc/suricata/rules/emerging-malware.rules
[22937 - Suricata-Main] 2024-02-23 13:42:41 Info: detect-parse: Rule with ID 2026440 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:43 Config: detect: Loading rule file: /etc/suricata/rules/emerging-misc.rules
[22937 - Suricata-Main] 2024-02-23 13:42:43 Config: detect: Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules
[22937 - Suricata-Main] 2024-02-23 13:42:43 Config: detect: Loading rule file: /etc/suricata/rules/emerging-netbios.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-p2p.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-phishing.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-policy.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Info: detect-parse: Rule with ID 2001406 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:44 Info: detect-parse: Rule with ID 2001407 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:44 Info: detect-parse: Rule with ID 2001408 is bidirectional, but source and destination are the same, treating the rule as unidirectional
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-pop3.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-rpc.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-scada.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-scan.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-shellcode.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-smtp.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-snmp.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-sql.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-telnet.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-tftp.rules
[22937 - Suricata-Main] 2024-02-23 13:42:44 Config: detect: Loading rule file: /etc/suricata/rules/emerging-user_agents.rules
[22937 - Suricata-Main] 2024-02-23 13:42:45 Config: detect: Loading rule file: /etc/suricata/rules/emerging-voip.rules
[22937 - Suricata-Main] 2024-02-23 13:42:45 Config: detect: Loading rule file: /etc/suricata/rules/emerging-web_client.rules
[22937 - Suricata-Main] 2024-02-23 13:42:45 Config: detect: Loading rule file: /etc/suricata/rules/emerging-web_server.rules
[22937 - Suricata-Main] 2024-02-23 13:42:45 Config: detect: Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/emerging-worm.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/files.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Warning: detect-filestore: One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store".
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-file-hash-common: opening hash file /etc/suricata/rules/fileextraction-chksum.list: No such file or directory
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert http any any -> any any (msg:"Black list checksum match and extract MD5"; filemd5:fileextraction-chksum.list; filestore; sid:28; rev:1;)" from file /etc/suricata/rules/files.rules at line 50
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-file-hash-common: opening hash file /etc/suricata/rules/fileextraction-chksum.list: No such file or directory
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert http any any -> any any (msg:"Black list checksum match and extract SHA1"; filesha1:fileextraction-chksum.list; filestore; sid:29; rev:1;)" from file /etc/suricata/rules/files.rules at line 51
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-file-hash-common: opening hash file /etc/suricata/rules/fileextraction-chksum.list: No such file or directory
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert http any any -> any any (msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:30; rev:1;)" from file /etc/suricata/rules/files.rules at line 52
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/ftp-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/http-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/http2-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/ipsec-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/kerberos-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/modbus-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Protocol version"; app-layer-event:modbus.invalid_protocol_id; classtype:protocol-command-decode; sid:2250001; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 2
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus unsolicited response"; app-layer-event:modbus.unsolicited_response; classtype:protocol-command-decode; sid:2250002; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 4
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Length"; app-layer-event:modbus.invalid_length; classtype:protocol-command-decode; sid:2250003; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 6
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Unit Identifier"; app-layer-event:modbus.invalid_unit_identifier; classtype:protocol-command-decode; sid:2250004; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 8
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Function code"; app-layer-event:modbus.invalid_function_code; classtype:protocol-command-decode; sid:2250005; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 10
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Value"; app-layer-event:modbus.invalid_value; classtype:protocol-command-decode; sid:2250006; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 12
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Exception code invalid"; flow:to_client; app-layer-event:modbus.invalid_exception_code; classtype:protocol-command-decode; sid:2250007; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 14
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Data mismatch"; flow:to_client; app-layer-event:modbus.value_mismatch; classtype:protocol-command-decode; sid:2250008; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 16
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect-parse: protocol "modbus" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.modbus.detection-enabled
[22937 - Suricata-Main] 2024-02-23 13:42:46 Error: detect: error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Request flood detected"; flow:to_server; app-layer-event:modbus.flooded; classtype:protocol-command-decode; sid:2250009; rev:2;)" from file /etc/suricata/rules/modbus-events.rules at line 18
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/mqtt-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/nfs-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/ntp-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/quic-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/rfb-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/smb-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/smtp-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/ssh-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/stream-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/telnet-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/threatview_CS_c2.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/tls-events.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Config: detect: Loading rule file: /etc/suricata/rules/tor.rules
[22937 - Suricata-Main] 2024-02-23 13:42:46 Info: detect: 76 rule files processed. 49336 rules successfully loaded, 18 rules failed, 0
[22937 - Suricata-Main] 2024-02-23 13:42:47 Info: threshold-config: Threshold config parsed: 0 rule(s) found
[22937 - Suricata-Main] 2024-02-23 13:42:47 Info: detect: 49347 signatures processed. 11 are IP-only rules, 10268 are inspecting packet payload, 37287 inspect application layer, 113 are decoder event only
[22937 - Suricata-Main] 2024-02-23 13:42:47 Config: detect: building signature grouping structure, stage 1: preprocessing rules... complete
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'etpro.clsid.detected' is checked but not set. Checked in 2002172 and 1 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'realplayer.playlist' is checked but not set. Checked in 2102438 and 2 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'ET.GenericPhish_Excel' is checked but not set. Checked in 2023046 and 0 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'ET.Netwire.HB.1' is checked but not set. Checked in 2018282 and 0 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'ET.GenericPhish_Adobe' is checked but not set. Checked in 2023048 and 0 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:47 Warning: detect-flowbits: flowbit 'is_ssh_client_kex' is checked but not set. Checked in 2001977 and 1 other sigs
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: TCP toserver: 41 port groups, 39 unique SGH's, 2 copies
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: UDP toserver: 41 port groups, 39 unique SGH's, 2 copies
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: UDP toclient: 21 port groups, 19 unique SGH's, 2 copies
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: OTHER toserver: 254 proto groups, 11 unique SGH's, 243 copies
[22937 - Suricata-Main] 2024-02-23 13:42:48 Perf: detect: OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Unique rule groups: 129
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toserver TCP packet": 35
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toclient TCP packet": 20
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toserver TCP stream": 38
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toclient TCP stream": 21
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toserver UDP packet": 37
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "toclient UDP packet": 19
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Builtin MPM "other IP packet": 3
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_uri (http)": 20
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_uri (http2)": 20
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_uri (http)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_uri (http2)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_request_line (http)": 12
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_request_line (http2)": 12
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_client_body (http)": 16
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_client_body (http2)": 16
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_response_line (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_response_line (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_header (http)": 22
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_header (http)": 22
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_header (http2)": 22
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_header (http2)": 22
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_header_names (http)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_header_names (http)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_header_names (http2)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_header_names (http2)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept (http)": 8
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept (http2)": 8
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept_enc (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept_enc (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept_lang (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_accept_lang (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_referer (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_referer (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_connection (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_connection (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_connection (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_connection (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_content_len (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_content_len (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_content_len (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_content_len (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_content_type (http)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_content_type (http2)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_content_type (http)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_content_type (http2)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http.server (http)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http.server (http2)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http.location (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http.location (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_protocol (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_protocol (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_protocol (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_protocol (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_start (http)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_start (http)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_header (http)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_raw_header (http)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_header (http2)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_raw_header (http2)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_method (http)": 6
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_method (http2)": 6
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_cookie (http)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_cookie (http)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_cookie (http2)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_cookie (http2)": 7
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_user_agent (http)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_user_agent (http2)": 15
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_host (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_host (http)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_host (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_host (http2)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_host (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver http_raw_host (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_stat_msg (http)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_stat_msg (http2)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_stat_code (http)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient http_stat_code (http2)": 5
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver dns_query (dns)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver dns_query (dns)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.sni (tls)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.cert_issuer (tls)": 6
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient tls.cert_issuer (tls)": 6
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.cert_subject (tls)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient tls.cert_subject (tls)": 4
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient tls.cert_serial (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.cert_serial (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient tls.cert_fingerprint (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.cert_fingerprint (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient tls.certs (tls)": 3
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver tls.certs (tls)": 3
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver ja3.hash (tls)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver ja3.hash (quic)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient ja3s.hash (tls)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient ja3s.hash (quic)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver ssh.proto (ssh)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient ssh.proto (ssh)": 2
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver ssh_software (ssh)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient ssh_software (ssh)": 1
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data (nfs)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (nfs)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data (smb)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (smb)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data (ftp)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (ftp)": 33
[22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data
(ftp-data)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (ftp-data)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data (http)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (http)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file_data (http2)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (http2)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file_data (smtp)": 33 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (nfs)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (nfs)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (smb)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (smb)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (ftp)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (ftp)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (ftp-data)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (ftp-data)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (http)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (http)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.name (http2)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (http2)": 6 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.name (smtp)": 6 [22937 - Suricata-Main] 
2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (nfs)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (nfs)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (smb)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (smb)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (ftp)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (ftp)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (ftp-data)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (ftp-data)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (http)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (http)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toclient file.magic (http2)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (http2)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: AppLayer MPM "toserver file.magic (smtp)": 4 [22937 - Suricata-Main] 2024-02-23 13:42:50 Perf: detect: Pkt MPM "tcp.hdr": 1 [22937 - Suricata-Main] 2024-02-23 13:43:02 Notice: detect: rule reload complete