7/2/2020 -- 13:52:14 - -- This is Suricata version 4.1.6 RELEASE
7/2/2020 -- 13:52:14 - -- CPUs/cores online: 4
7/2/2020 -- 13:52:14 - -- HTTP memcap: 67108864
7/2/2020 -- 13:52:14 - -- using flow hash instead of active packets
7/2/2020 -- 13:52:14 - -- alert-pf -> Creating automatic firewall interface IP address Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface igb0 IPv6 address fe80:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:a244 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface igb0 IPv4 address xxx.xxx.xxx.208 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface igb0 IPv6 address 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:e430 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface em0 IPv4 address 192.168.1.1 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface em0 IPv4 address 10.10.10.1 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface em0 IPv6 address 2601:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:a243 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface em0 IPv6 address fe80:0000:0000:0000:0000:0000:0001:0001 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface lo0 IPv6 address 0000:0000:0000:0000:0000:0000:0000:0001 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface lo0 IPv6 address fe80:0000:0000:0000:0000:0000:0000:0001 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface lo0 IPv4 address 127.0.0.1 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface ovpns1 IPv6 address fe80:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:a244 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface ovpns1 IPv4 address 192.168.0.1 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf -> adding firewall interface ovpns1 IPv6 address fe80:0000:0000:0000:0000:0000:0000:0001 to automatic interface IP Pass List.
7/2/2020 -- 13:52:14 - -- alert-pf output device (regular) initialized: block.log
7/2/2020 -- 13:52:14 - -- alert-pf -> Pass List /usr/local/etc/suricata/suricata_59788_em0/passlist parsed: 16 IP addresses loaded.
7/2/2020 -- 13:52:14 - -- alert-pf -> Created firewall interface IP change monitor thread for auto-whitelisting of firewall interface IP addresses.
7/2/2020 -- 13:52:14 - -- alert-pf output initialized, pf-table=snort2c block-ip=both kill-state=on block-drops-only=off
7/2/2020 -- 13:52:14 - -- alert-pf -> Firewall interface IP address change notification monitoring thread started.
7/2/2020 -- 13:52:14 - -- fast output device (regular) initialized: alerts.log
7/2/2020 -- 13:52:14 - -- http-log output device (regular) initialized: http.log
7/2/2020 -- 13:52:14 - -- tls-log output device (regular) initialized: tls.log
7/2/2020 -- 13:52:14 - -- stats output device (regular) initialized: stats.log
7/2/2020 -- 13:52:18 - -- 2 rule files processed. 19108 rules successfully loaded, 0 rules failed
7/2/2020 -- 13:52:18 - -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210037, gid 1: unknown rule
7/2/2020 -- 13:52:18 - -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210041, gid 1: unknown rule
7/2/2020 -- 13:52:18 - -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210051, gid 1: unknown rule
7/2/2020 -- 13:52:18 - -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210049, gid 1: unknown rule
7/2/2020 -- 13:52:18 - -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2210048, gid 1: unknown rule
7/2/2020 -- 13:52:18 - -- Threshold config parsed: 83 rule(s) found
7/2/2020 -- 13:52:18 - -- 19108 signatures processed. 210 are IP-only rules, 3900 are inspecting packet payload, 16729 inspect application layer, 103 are decoder event only
7/2/2020 -- 13:52:29 - -- Using 1 live device(s).
7/2/2020 -- 13:52:29 - -- using interface em0
7/2/2020 -- 13:52:29 - -- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
7/2/2020 -- 13:52:29 - -- Set snaplen to 1518 for 'em0'
7/2/2020 -- 13:52:29 - -- RunModeIdsPcapAutoFp initialised
7/2/2020 -- 13:52:29 - -- all 5 packet processing threads, 4 management threads initialized, engine started.
7/2/2020 -- 13:52:30 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:30 - -- alert-pf -> deleted address 192.168.1.1 from automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:30 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:30 - -- alert-pf -> deleted address 10.10.10.1 from automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:34 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:34 - -- alert-pf -> added address 192.168.1.1 to automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:34 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:34 - -- alert-pf -> added address 10.10.10.1 to automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:39 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:39 - -- alert-pf -> deleted address 192.168.1.1 from automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:39 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:39 - -- alert-pf -> deleted address 10.10.10.1 from automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:39 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:39 - -- alert-pf -> added address 192.168.1.1 to automatic firewall interface IP Pass List.
7/2/2020 -- 13:52:39 - -- alert-pf -> Received notification of IP address change on interface em0.
7/2/2020 -- 13:52:39 - -- alert-pf -> added address 10.10.10.1 to automatic firewall interface IP Pass List.
7/2/2020 -- 13:53:11 - -- No packets with invalid checksum, assuming checksum offloading is NOT used