[1] 30/6/2020 -- 22:08:43 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.2 RELEASE running in USER mode
[1] 30/6/2020 -- 22:08:43 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 4
[1] 30/6/2020 -- 22:08:43 - (util-luajit.c:98) <Config> (LuajitSetupStatesPool) -- luajit states preallocated: 128
[1] 30/6/2020 -- 22:08:43 - (app-layer-htp.c:2477) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 32381 and 'request-body-inspect-window' set to 4149 after randomization.
[1] 30/6/2020 -- 22:08:43 - (app-layer-htp.c:2495) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 39153 and 'response-body-inspect-window' set to 17026 after randomization.
[1] 30/6/2020 -- 22:08:43 - (app-layer-smb.c:344) <Config> (RegisterSMBParsers) -- SMB stream depth: 0
[1] 30/6/2020 -- 22:08:43 - (app-layer-modbus.c:1529) <Config> (RegisterModbusParsers) -- Modbus request flood protection level: 500
[1] 30/6/2020 -- 22:08:43 - (app-layer-modbus.c:1540) <Config> (RegisterModbusParsers) -- Modbus stream depth: 0
[1] 30/6/2020 -- 22:08:43 - (app-layer-enip.c:441) <Config> (RegisterENIPUDPParsers) -- Protocol detection and parser disabled for enip protocol.
[1] 30/6/2020 -- 22:08:43 - (app-layer-dnp3.c:1632) <Config> (RegisterDNP3Parsers) -- Registering DNP3/tcp parsers.
[1] 30/6/2020 -- 22:08:43 - (host.c:258) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
[1] 30/6/2020 -- 22:08:43 - (host.c:283) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136
[1] 30/6/2020 -- 22:08:43 - (host.c:285) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432
[1] 30/6/2020 -- 22:08:43 - (util-magic.c:74) <Config> (MagicInit) -- using magic-file /usr/share/misc/magic.mgc
[1] 30/6/2020 -- 22:08:43 - (util-coredump-config.c:142) <Config> (CoredumpLoadConfig) -- Core dump size is unlimited.
[1] 30/6/2020 -- 22:08:43 - (defrag-hash.c:252) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
[1] 30/6/2020 -- 22:08:43 - (defrag-hash.c:279) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 160
[1] 30/6/2020 -- 22:08:43 - (defrag-hash.c:286) <Config> (DefragInitConfig) -- defrag memory usage: 14155616 bytes, maximum: 33554432
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:398) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread)
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:418) <Config> (StreamTcpInitConfig) -- stream "memcap": 67108864
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:424) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:430) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:445) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": disabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:473) <Config> (StreamTcpInitConfig) -- stream."inline": disabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:486) <Config> (StreamTcpInitConfig) -- stream "bypass": disabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:510) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:531) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:550) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:625) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2535
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:627) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2545
[1] 30/6/2020 -- 22:08:43 - (stream-tcp.c:640) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled
[1] 30/6/2020 -- 22:08:43 - (stream-tcp-reassemble.c:372) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048
[1] 30/6/2020 -- 22:08:43 - (util-logopenfile.c:473) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'anomaly'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'http'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dns'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tls'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'files'
[1] 30/6/2020 -- 22:08:43 - (output-json-file.c:369) <Config> (OutputFileLogInitSub) -- forcing magic lookup for logged files
[1] 30/6/2020 -- 22:08:43 - (util-file.c:192) <Config> (FileForceHashParseCfg) -- forcing md5 calculation for logged or stored files
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smtp'
[1] 30/6/2020 -- 22:08:43 - (output-json-email-common.c:453) <Info> (OutputEmailInitConf) -- Going to log the md5 sum of email body
[1] 30/6/2020 -- 22:08:43 - (output-json-email-common.c:457) <Info> (OutputEmailInitConf) -- Going to log the md5 sum of email subject
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dnp3'
[1] 30/6/2020 -- 22:08:43 - (output-json-dnp3.c:389) <Info> (OutputDNP3LogInitSub) -- DNP3 log sub-module initialized.
[1] 30/6/2020 -- 22:08:43 - (output-json-dnp3.c:389) <Info> (OutputDNP3LogInitSub) -- DNP3 log sub-module initialized.
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ftp'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'rdp'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'nfs'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smb'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tftp'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ikev2'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'krb5'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'snmp'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'sip'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dhcp'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ssh'
[1] 30/6/2020 -- 22:08:43 - (runmodes.c:626) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'stats'
[1] 30/6/2020 -- 22:08:43 - (output-json-stats.c:465) <Error> (OutputStatsLogInitSub) -- [ERRCODE: SC_ERR_STATS_LOG_GENERIC(278)] - eve.stats: stats are disabled globally: set stats.enabled to true. See https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html#stats
[1] 30/6/2020 -- 22:08:43 - (suricata.c:2468) <Config> (SetupDelayedDetect) -- Delayed detect disabled
[1] 30/6/2020 -- 22:08:43 - (detect-engine.c:1975) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: ac, SPM: bm
[1] 30/6/2020 -- 22:08:43 - (detect-engine.c:2376) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
[1] 30/6/2020 -- 22:08:43 - (detect-engine.c:2400) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060
[1] 30/6/2020 -- 22:08:43 - (detect-engine.c:2428) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.server
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http.location
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.name
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file.magic
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dnp3_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.sni
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_issuer
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_subject
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_serial
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.cert_fingerprint
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls.certs
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.hash
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3.string
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.hash
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ja3s.string
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_named_pipe
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for smb_share
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh.proto
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_cname
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for krb5_sname
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.uri
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.protocol
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.method
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.stat_msg
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.request_line
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for sip.response_line
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:246) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for snmp.community
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for tcp.hdr
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for udp.hdr
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv4.hdr
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:413) <Perf> (DetectMpmInitializePktMpms) -- using shared mpm ctx' for ipv6.hdr
[1] 30/6/2020 -- 22:08:43 - (reputation.c:607) <Config> (SRepInit) -- IP reputation disabled
[1] 30/6/2020 -- 22:08:43 - (detect-engine-loader.c:249) <Config> (ProcessSigFiles) -- Loading rule file: /myrules.rules
[1] 30/6/2020 -- 22:08:43 - (detect-engine-loader.c:352) <Info> (SigLoadSignatures) -- 1 rule files processed. 3 rules successfully loaded, 0 rules failed
[1] 30/6/2020 -- 22:08:43 - (util-threshold-config.c:1126) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:470) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1412) <Info> (SigAddressPrepareStage1) -- 3 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 2 inspect application layer, 0 are decoder event only
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1418) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- TCP toserver: 1 port groups, 1 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- TCP toclient: 1 port groups, 1 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- UDP toserver: 1 port groups, 1 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1256) <Perf> (RulesGroupByPorts) -- UDP toclient: 0 port groups, 0 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1004) <Perf> (RulesGroupByProto) -- OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1041) <Perf> (RulesGroupByProto) -- OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1784) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 3
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1156) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 0
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1163) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_host (http)": 1
[1] 30/6/2020 -- 22:08:43 - (detect-engine-mpm.c:1163) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver dns_query (dns)": 1
[1] 30/6/2020 -- 22:08:43 - (tmqh-flow.c:88) <Config> (TmqhFlowPrintAutofpHandler) -- AutoFP mode using "Hash" flow load balancer
[1] 30/6/2020 -- 22:08:43 - (flow-manager.c:901) <Config> (FlowManagerThreadSpawn) -- using 1 flow manager threads
[1] 30/6/2020 -- 22:08:43 - (flow-manager.c:1062) <Config> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
[1] 30/6/2020 -- 22:08:43 - (tm-threads.c:2169) <Notice> (TmThreadWaitOnThreadInit) -- all 5 packet processing threads, 2 management threads initialized, engine started.
[6] 30/6/2020 -- 22:08:43 - (source-pcap-file.c:176) <Info> (ReceivePcapFileLoop) -- Starting file run for /facebook.pcap
[6] 30/6/2020 -- 22:08:43 - (source-pcap-file-helper.c:148) <Info> (PcapFileDispatch) -- pcap file /facebook.pcap end of file reached (pcap err code 0)
[1] 30/6/2020 -- 22:08:43 - (suricata.c:2916) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.
[11] 30/6/2020 -- 22:08:43 - (flow-manager.c:878) <Perf> (FlowManager) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[1] 30/6/2020 -- 22:08:43 - (suricata.c:1103) <Info> (SCPrintElapsedTime) -- time elapsed 0.033s
[12] 30/6/2020 -- 22:08:43 - (flow-manager.c:1031) <Perf> (FlowRecycler) -- 3 flows processed
[6] 30/6/2020 -- 22:08:43 - (source-pcap-file.c:372) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 6 packets, 503 bytes
[1] 30/6/2020 -- 22:08:43 - (tmqh-flow.c:215) <Perf> (TmqhOutputFlowFreeCtx) -- AutoFP - Total flow handler queues - 4
[1] 30/6/2020 -- 22:08:43 - (counters.c:853) <Info> (StatsLogSummary) -- Alerts: 0
[1] 30/6/2020 -- 22:08:43 - (ippair.c:295) <Perf> (IPPairPrintStats) -- ippair memory usage: 414144 bytes, maximum: 16777216
[1] 30/6/2020 -- 22:08:43 - (host.c:300) <Perf> (HostPrintStats) -- host memory usage: 398144 bytes, maximum: 33554432
[1] 30/6/2020 -- 22:08:43 - (detect-engine-build.c:1716) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete