Untitled

a guest
Jun 18th, 2014
Executing: suricata -v --user sguil --group sguil -c /etc/nsm/hera-na0-eth1/suricata.yaml --pfring=eth1 -F /etc/nsm/hera-na0-eth1/bpf-ids.conf -l /nsm/sensor_data/hera-na0-eth1
18/6/2014 -- 12:51:48 - <Notice> - This is Suricata version 2.0.1 RELEASE
18/6/2014 -- 12:51:48 - <Info> - CPUs/cores online: 8
18/6/2014 -- 12:51:48 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
18/6/2014 -- 12:51:48 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.
18/6/2014 -- 12:51:48 - <Info> - HTTP memcap: 268435456
18/6/2014 -- 12:51:48 - <Info> - DNS request flood protection level: 500
18/6/2014 -- 12:51:48 - <Info> - DNS per flow memcap (state-memcap): 524288
18/6/2014 -- 12:51:48 - <Info> - DNS global memcap: 16777216
18/6/2014 -- 12:51:48 - <Info> - Found an MTU of 1500 for 'eth1'
18/6/2014 -- 12:51:48 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/6/2014 -- 12:51:48 - <Info> - preallocated 65535 defrag trackers of size 152
18/6/2014 -- 12:51:48 - <Info> - defrag memory usage: 13631336 bytes, maximum: 33554432
18/6/2014 -- 12:51:48 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
18/6/2014 -- 12:51:48 - <Info> - preallocated 1024 packets. Total memory 3567616
18/6/2014 -- 12:51:48 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/6/2014 -- 12:51:48 - <Info> - preallocated 1000 hosts of size 112
18/6/2014 -- 12:51:48 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
18/6/2014 -- 12:51:48 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
18/6/2014 -- 12:51:48 - <Info> - preallocated 5000 flows of size 280
18/6/2014 -- 12:51:48 - <Info> - flow memory usage: 5634304 bytes, maximum: 134217728
18/6/2014 -- 12:51:48 - <Info> - IP reputation disabled
18/6/2014 -- 12:51:48 - <Info> - using magic-file /usr/share/file/magic
18/6/2014 -- 12:51:48 - <Info> - Delayed detect disabled
18/6/2014 -- 12:51:48 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/nsm/rules/local.rules
18/6/2014 -- 12:51:49 - <Info> - 2 rule files processed. 7444 rules successfully loaded, 0 rules failed
18/6/2014 -- 12:51:49 - <Info> - 7445 signatures processed. 284 are IP-only rules, 3427 are inspecting packet payload, 5017 inspect application layer, 40 are decoder event only
18/6/2014 -- 12:51:49 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
18/6/2014 -- 12:51:49 - <Info> - building signature grouping structure, stage 2: building source address list... complete
18/6/2014 -- 12:51:50 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406159, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406169, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406173, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406323, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406683, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406749, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406815, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2406851, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2002330, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013504, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2002334, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2008120, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2009702, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2009475, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2805380, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2003068, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2001219, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Warning> - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2016857, gid 1: unknown rule
18/6/2014 -- 12:51:51 - <Info> - Threshold config parsed: 25 rule(s) found
18/6/2014 -- 12:51:51 - <Info> - Core dump size set to unlimited.
18/6/2014 -- 12:51:51 - <Info> - dropped the caps for main thread
18/6/2014 -- 12:51:51 - <Info> - Unified2-alert initialized: filename snort.unified2, limit 32 MB
18/6/2014 -- 12:51:51 - <Info> - Using flow cluster mode for PF_RING (iface eth1)
18/6/2014 -- 12:51:51 - <Info> - Going to use 2 ReceivePfring receive thread(s)
18/6/2014 -- 12:51:51 - <Info> - (RxPFR1) Using PF_RING v.5.6.1, interface eth1, cluster-id 51
18/6/2014 -- 12:51:51 - <Info> - (RxPFR2) Using PF_RING v.5.6.1, interface eth1, cluster-id 51
18/6/2014 -- 12:51:51 - <Info> - RunModeIdsPfringAutoFp initialised
18/6/2014 -- 12:51:51 - <Info> - stream "prealloc-sessions": 2048 (per thread)
18/6/2014 -- 12:51:51 - <Info> - stream "memcap": 134217728
18/6/2014 -- 12:51:51 - <Info> - stream "midstream" session pickups: disabled
18/6/2014 -- 12:51:51 - <Info> - stream "async-oneside": disabled
18/6/2014 -- 12:51:51 - <Info> - stream "checksum-validation": enabled
18/6/2014 -- 12:51:51 - <Info> - stream."inline": disabled
18/6/2014 -- 12:51:51 - <Info> - stream "max-synack-queued": 5
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly "memcap": 2147483648
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly "depth": 4194304
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly "toserver-chunk-size": 2524
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly "toclient-chunk-size": 2508
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly.raw: enabled
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 4, prealloc 256
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 16, prealloc 1500
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 112, prealloc 2000
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 248, prealloc 12500
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 512, prealloc 12500
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 768, prealloc 1024
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 1448, prealloc 3500
18/6/2014 -- 12:51:51 - <Info> - segment pool: pktsize 65535, prealloc 2000
18/6/2014 -- 12:51:51 - <Info> - stream.reassembly "chunk-prealloc": 250
18/6/2014 -- 12:51:51 - <Notice> - all 14 packet processing threads, 3 management threads initialized, engine started.
18/6/2014 -- 14:08:22 - <Notice> - Signal Received. Stopping engine.
18/6/2014 -- 14:08:22 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
18/6/2014 -- 14:08:27 - <Info> - time elapsed 4596.393s
18/6/2014 -- 14:08:27 - <Info> - (RxPFR1) Kernel: Packets 13452167, dropped 0
18/6/2014 -- 14:08:27 - <Info> - (RxPFR1) Packets 13452167, bytes 9660526613
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Total flow handler queues - 12
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 0 - pkts: 2377320 flows: 71336
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 1 - pkts: 1819938 flows: 62632
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 2 - pkts: 1760431 flows: 43008
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 3 - pkts: 1545000 flows: 36216
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 4 - pkts: 814775 flows: 24580
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 5 - pkts: 1005161 flows: 32034
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 6 - pkts: 1102591 flows: 23567
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 7 - pkts: 829388 flows: 21095
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 8 - pkts: 679968 flows: 20852
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 9 - pkts: 766488 flows: 18833
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 10 - pkts: 363549 flows: 14732
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 11 - pkts: 414671 flows: 10837
18/6/2014 -- 14:08:27 - <Info> - (RxPFR2) Kernel: Packets 14434885, dropped 705912
18/6/2014 -- 14:08:27 - <Info> - (RxPFR2) Packets 14434885, bytes 9969854330
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Total flow handler queues - 12
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 0 - pkts: 2391054 flows: 68111
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 1 - pkts: 1962458 flows: 55166
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 2 - pkts: 1720079 flows: 51801
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 3 - pkts: 1486373 flows: 40172
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 4 - pkts: 1451926 flows: 13897
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 5 - pkts: 1560316 flows: 34785
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 6 - pkts: 1200184 flows: 29038
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 7 - pkts: 785715 flows: 25128
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 8 - pkts: 647271 flows: 21372
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 9 - pkts: 622272 flows: 13890
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 10 - pkts: 372803 flows: 12658
18/6/2014 -- 14:08:27 - <Info> - AutoFP - Queue 11 - pkts: 234710 flows: 9473
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 4614659 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Alert unified2 module wrote 171 alerts
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 3654820 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 3375122 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 2948917 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 1267789 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 2493868 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 2245792 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 1561780 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 1280996 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 1349586 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 704942 TCP packets
18/6/2014 -- 14:08:27 - <Info> - Stream TCP processed 626205 TCP packets
18/6/2014 -- 14:19:23 - <Info> - TCP segment pool of size 112 had a peak use of 2374 segments, more than the prealloc setting of 2000
18/6/2014 -- 14:19:23 - <Info> - TCP segment pool of size 1448 had a peak use of 4880 segments, more than the prealloc setting of 3500
18/6/2014 -- 14:19:23 - <Info> - TCP segment chunk pool had a peak use of 2946 chunks, more than the prealloc setting of 250
18/6/2014 -- 14:19:23 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
18/6/2014 -- 14:19:23 - <Info> - cleaning up signature grouping structure... complete
18/6/2014 -- 14:19:23 - <Notice> - Stats for 'eth1': pkts: 27887052, drop: 705912 (2.53%), invalid chksum: 0