It seems that somehow, sometimes, the Barnyard2 process inserts new alerts with a generic description like "Snort Alert [x:y]" - and what is worse, it seems to use that alert description for future alerts with the same SID ever since.
I am using Suricata as my IDS engine, in case it matters. I don't think so, because this issue seems to be Barnyard2 related.
I studied the database and googled around a bit, and came up with a solution to update the alert descriptions occasionally with a Python script.
The script is attached. It might be helpful for other people with a similar problem.
Has anyone else noticed the same issue with alert descriptions?
-sjm
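The attached script is not reproduced on this page. The following is an added illustration, not the poster's script, of the repair the post describes: find signature rows carrying the placeholder name and rename them from sid-msg.map. It assumes the v1 map layout (`sid || msg || refs`), a `signature` table with columns `sig_id`, `sig_name`, `sig_gid`, `sig_sid`, and uses an in-memory SQLite database with constructed rows as a stand-in for the real MySQL database.

```python
import re
import sqlite3

# Placeholder name from the post, e.g. "Snort Alert [1:2002028]"; a third
# ":rev" component is tolerated as well.
GENERIC_NAME = re.compile(r"^Snort Alert \[(\d+):(\d+)(?::\d+)?\]$")

# Constructed sample in the assumed v1 layout: "sid || msg || reference ...".
SAMPLE_SID_MSG_MAP = """\
# constructed sample, not taken from a real ruleset
2002028 || ET CHAT IRC PONG response || url,doc.emergingthreats.net/2002028
2016032 || ET CURRENT_EVENTS JCE Joomla Scanner
malformed line without separator
"""


def parse_sid_msg_map(text):
    """Return {sid: msg} from v1 sid-msg.map text, skipping comments and bad lines."""
    messages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit() or not fields[1]:
            continue
        messages[int(fields[0])] = fields[1]
    return messages


def repair_generic_signatures(conn, messages, dry_run=False):
    """Rename placeholder rows in `signature`; return (sig_id, old, new) tuples.

    Only generator 1 is handled, because a v1 map carries no gid. Rows that
    cannot be resolved are left untouched and reported with new=None.
    With a MySQL driver the parameter marker would be %s instead of ?.
    """
    rows = conn.execute(
        "SELECT sig_id, sig_name, sig_gid, sig_sid FROM signature "
        "WHERE sig_name LIKE 'Snort Alert [%' ORDER BY sig_id"
    ).fetchall()
    changes = []
    for sig_id, name, gid, sid in rows:
        if not GENERIC_NAME.match(name):
            continue
        new_name = messages.get(sid) if gid == 1 else None
        changes.append((sig_id, name, new_name))
        if new_name and not dry_run:
            conn.execute(
                "UPDATE signature SET sig_name = ? WHERE sig_id = ?",
                (new_name, sig_id),
            )
    if not dry_run:
        conn.commit()
    return changes


def build_demo_db():
    """Constructed stand-in database with the assumed `signature` columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, "
        "sig_gid INTEGER, sig_sid INTEGER)"
    )
    conn.executemany(
        "INSERT INTO signature VALUES (?, ?, ?, ?)",
        [
            (1, "Snort Alert [1:2002028]", 1, 2002028),               # repairable
            (2, "ET CURRENT_EVENTS JCE Joomla Scanner", 1, 2016032),  # already fine
            (3, "Snort Alert [1:9999999:0]", 1, 9999999),             # SID not in map
            (4, "Snort Alert [3:2016032]", 3, 2016032),               # other generator
        ],
    )
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    for change in repair_generic_signatures(db, parse_sid_msg_map(SAMPLE_SID_MSG_MAP)):
        print(change)
```

Running it with `dry_run=True` first lists what would change, including the rows that stay unresolved, before anything is written.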
Currently, I have one server and one sensor, on different machines.
> What ruleset are you using?
My pulledpork says:
Prepping rules from snortrules-snapshot-2953.tar.gz for work....
Prepping rules from emerging.rules.tar.gz for work....
> Is pulledpork updating the ruleset properly?
Yes it is, and I get alerts. So the whole is generally working a-ok.
I had to use disablesid and threshold.conf quite extensively,
because we have a very busy network with lots of hosted servers and services.
In a couple of weeks I managed to adjust false alerts to acceptable levels.
The only issue here is that occasionally I get those "generic" alerts
with no meaningful description.
> Please send the output of the following (redacting sensitive info as necessary):
>
> sudo sostat-redacted
This was run on the server.
=========================================================================
Service Status
=========================================================================
Status: securityonion
* sguil server[ OK ]
Status: HIDS
* ossec_agent (sguil)[ OK ]
=========================================================================
Interface Status
=========================================================================
eth0 Link encap:Ethernet HWaddr c8:60:00:6d:b6:32
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: xxx
inet6 addr: xxx
inet6 addr: xxx
inet6 addr: fe80::ca60:ff:fe6d:b632/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:698430 errors:0 dropped:2 overruns:0 frame:0
TX packets:278959 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:102179888 (102.1 MB) TX bytes:174181762 (174.1 MB)
Interrupt:18 Memory:fb500000-fb520000
lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:31819 errors:0 dropped:0 overruns:0 frame:0
TX packets:31819 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10008476 (10.0 MB) TX bytes:10008476 (10.0 MB)
=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/sys_sibuli-root 92G 3.1G 84G 4% /
udev 15G 4.0K 15G 1% /dev
tmpfs 5.9G 492K 5.9G 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 15G 0 15G 0% /run/shm
/dev/md0 992M 54M 887M 6% /boot
/dev/mapper/sys_sibuli-home 92G 259M 87G 1% /home
/dev/mapper/sys_sibuli-var 459G 676M 435G 1% /var
/dev/mapper/sys_sibuli-nsm 2.1T 72M 1.9T 1% /nsm
=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1165 root 3u IPv4 13767 0t0 TCP *:22 (LISTEN)
sshd 1165 root 4u IPv6 13769 0t0 TCP *:22 (LISTEN)
mysqld 1291 mysql 10u IPv4 14217 0t0 TCP X.X.X.X:3306 (LISTEN)
mysqld 1291 mysql 689u IPv4 617558 0t0 TCP X.X.X.X:3306->X.X.X.X:48734 (ESTABLISHED)
memcached 1307 memcache 26u IPv4 14181 0t0 TCP X.X.X.X:11211 (LISTEN)
memcached 1307 memcache 27u IPv4 14182 0t0 UDP X.X.X.X:11211
nfacctd 1322 root 4u IPv6 11898 0t0 UDP *:2100
epmd 1457 rabbitmq 3u IPv4 10549 0t0 TCP *:4369 (LISTEN)
epmd 1457 rabbitmq 4u IPv4 11947 0t0 TCP X.X.X.X:4369->X.X.X.X:59975 (ESTABLISHED)
beam.smp 1480 rabbitmq 8u IPv4 1472 0t0 TCP *:34862 (LISTEN)
beam.smp 1480 rabbitmq 9u IPv4 1474 0t0 TCP X.X.X.X:59975->X.X.X.X:4369 (ESTABLISHED)
beam.smp 1480 rabbitmq 16u IPv6 1481 0t0 TCP *:5672 (LISTEN)
sfacctd 1615 root 4u IPv6 11968 0t0 UDP *:6343
ntpd 1635 ntp 16u IPv4 14575 0t0 UDP *:123
ntpd 1635 ntp 17u IPv6 14576 0t0 UDP *:123
ntpd 1635 ntp 18u IPv4 14582 0t0 UDP X.X.X.X:123
ntpd 1635 ntp 19u IPv4 14583 0t0 UDP X.X.X.X:123
ntpd 1635 ntp 20u IPv6 14584 0t0 UDP [::1]:123
apache2 1718 root 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1718 root 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1718 root 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1765 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1765 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1765 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1766 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1766 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1766 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1767 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1767 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1767 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1768 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1768 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1768 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1769 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1769 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1769 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 1785 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 1785 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 1785 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
apache2 4027 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 4027 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 4027 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
sshd 4359 root 3u IPv4 19102 0t0 TCP X.X.X.X:22->X.X.X.X:39628 (ESTABLISHED)
sshd 4604 sensor1 3u IPv4 19102 0t0 TCP X.X.X.X:22->X.X.X.X:39628 (ESTABLISHED)
sshd 4604 sensor1 8u IPv4 481965 0t0 TCP X.X.X.X:48734->X.X.X.X:3306 (ESTABLISHED)
apache2 5737 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 5737 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 5737 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
tclsh 7279 root 13u IPv4 446720 0t0 TCP *:7734 (LISTEN)
tclsh 7279 root 14u IPv4 446721 0t0 TCP *:7736 (LISTEN)
tclsh 7279 root 15u IPv4 690548 0t0 TCP X.X.X.X:7736->X.X.X.X:54866 (ESTABLISHED)
tclsh 7279 root 16u IPv4 690594 0t0 TCP X.X.X.X:7736->X.X.X.X:54867 (ESTABLISHED)
tclsh 7279 root 17u IPv4 690452 0t0 TCP X.X.X.X:7736->X.X.X.X:49357 (ESTABLISHED)
tclsh 7279 root 18u IPv4 690410 0t0 TCP X.X.X.X:7736->X.X.X.X:54865 (ESTABLISHED)
apache2 18658 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 18658 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 18658 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
sshd 22522 root 3u IPv4 682303 0t0 TCP X.X.X.X:22->X.X.X.X:40091 (ESTABLISHED)
sshd 22864 root 3u IPv4 682342 0t0 TCP X.X.X.X:22->X.X.X.X:40093 (ESTABLISHED)
sshd 23118 root 3u IPv4 682370 0t0 TCP X.X.X.X:22->X.X.X.X:40114 (ESTABLISHED)
apache2 24054 www-data 4u IPv6 14642 0t0 TCP *:443 (LISTEN)
apache2 24054 www-data 6u IPv6 14646 0t0 TCP *:9876 (LISTEN)
apache2 24054 www-data 8u IPv6 14650 0t0 TCP *:444 (LISTEN)
tclsh 25245 root 3u IPv4 687468 0t0 TCP X.X.X.X:49357->X.X.X.X:7736 (ESTABLISHED)
ruby1.9.1 29275 www-data 12u IPv4 694848 0t0 TCP X.X.X.X:48421 (LISTEN)
=========================================================================
IDS Rules Update
=========================================================================
Thu Oct 31 07:01:01 UTC 2013
Backing up current local_rules.xml file.
Cleaning up local_rules.xml backup files older than 30 days.
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Backing up current local.rules file before it gets overwritten.
Cleaning up local.rules backup files older than 30 days.
Running PulledPork.
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / PulledPork v0.6.1 the Smoking Pig <////~
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2011 JJ Cummings
@_/ / 66\_ cumm...@gmail.com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for snortrules-snapshot-2953.tar.gz....
Rules tarball download of snortrules-snapshot-2953.tar.gz....
They Match
Done!
Prepping rules from snortrules-snapshot-2953.tar.gz for work....
Done!
Checking latest MD5 for emerging.rules.tar.gz....
Rules tarball download of emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
Done
Reading rules...
Reading rules...
Reading rules...
Processing /etc/nsm/pulledpork/enablesid.conf....
Modified 0 rules
Done
Processing /etc/nsm/pulledpork/dropsid.conf....
Modified 0 rules
Done
Processing /etc/nsm/pulledpork/disablesid.conf....
Modified 2778 rules
Done
Modifying Sids....
Done!
Setting Flowbit State....
Enabled 91 flowbits
Enabled 1 flowbits
Enabled 1 flowbits
Done
Writing /etc/nsm/rules/downloaded.rules....
Done
Writing /etc/nsm/rules/so_rules.rules....
Done
Generating sid-msg.map....
Done
Writing /etc/nsm/rules/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats....
New:-------49
Deleted:---10
Enabled Rules:----16695
Dropped Rules:----0
Disabled Rules:---20146
Total Rules:------36841
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!
=========================================================================
CPU Usage
=========================================================================
top - 13:57:42 up 1 day, 3:31, 3 users, load average: 0.15, 0.12, 0.08
Tasks: 204 total, 1 running, 203 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3%us, 0.3%sy, 0.0%ni, 99.3%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 30830864k total, 2808204k used, 28022660k free, 363628k buffers
Swap: 62496764k total, 0k used, 62496764k free, 1436580k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
82 root 20 0 0 0 0 S 2 0.0 0:03.59 kworker/3:1
1 root 20 0 24444 2336 1344 S 0 0.0 0:01.17 init
2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0 0.0 0:03.10 ksoftirqd/0
5 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/0:0H
7 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/u:0H
8 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/0
9 root 20 0 0 0 0 S 0 0.0 0:00.00 rcu_bh
10 root 20 0 0 0 0 S 0 0.0 0:22.40 rcu_sched
11 root RT 0 0 0 0 S 0 0.0 0:00.33 watchdog/0
12 root RT 0 0 0 0 S 0 0.0 0:00.32 watchdog/1
13 root 20 0 0 0 0 S 0 0.0 0:03.16 ksoftirqd/1
14 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/1
15 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:0
16 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/1:0H
17 root RT 0 0 0 0 S 0 0.0 0:00.30 watchdog/2
18 root 20 0 0 0 0 S 0 0.0 0:02.88 ksoftirqd/2
19 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/2
20 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:0
21 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/2:0H
22 root RT 0 0 0 0 S 0 0.0 0:00.30 watchdog/3
23 root 20 0 0 0 0 S 0 0.0 0:02.86 ksoftirqd/3
24 root RT 0 0 0 0 S 0 0.0 0:00.02 migration/3
26 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/3:0H
27 root RT 0 0 0 0 S 0 0.0 0:00.33 watchdog/4
28 root 20 0 0 0 0 S 0 0.0 0:03.94 ksoftirqd/4
29 root RT 0 0 0 0 S 0 0.0 0:00.37 migration/4
30 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/4:0
31 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/4:0H
32 root RT 0 0 0 0 S 0 0.0 0:00.32 watchdog/5
33 root 20 0 0 0 0 S 0 0.0 0:02.03 ksoftirqd/5
34 root RT 0 0 0 0 S 0 0.0 0:00.38 migration/5
35 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/5:0
36 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/5:0H
37 root RT 0 0 0 0 S 0 0.0 0:00.31 watchdog/6
38 root 20 0 0 0 0 S 0 0.0 0:01.93 ksoftirqd/6
39 root RT 0 0 0 0 S 0 0.0 0:00.38 migration/6
40 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/6:0
41 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/6:0H
42 root RT 0 0 0 0 S 0 0.0 0:00.26 watchdog/7
43 root 20 0 0 0 0 S 0 0.0 0:01.97 ksoftirqd/7
44 root RT 0 0 0 0 S 0 0.0 0:00.37 migration/7
45 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/7:0
46 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/7:0H
47 root 0 -20 0 0 0 S 0 0.0 0:00.00 cpuset
48 root 0 -20 0 0 0 S 0 0.0 0:00.00 khelper
49 root 20 0 0 0 0 S 0 0.0 0:00.00 kdevtmpfs
50 root 0 -20 0 0 0 S 0 0.0 0:00.00 netns
51 root 20 0 0 0 0 S 0 0.0 0:00.01 bdi-default
52 root 0 -20 0 0 0 S 0 0.0 0:00.00 kintegrityd
53 root 0 -20 0 0 0 S 0 0.0 0:00.00 kblockd
54 root 0 -20 0 0 0 S 0 0.0 0:00.00 ata_sff
55 root 20 0 0 0 0 S 0 0.0 0:00.00 khubd
56 root 0 -20 0 0 0 S 0 0.0 0:00.00 md
57 root 0 -20 0 0 0 S 0 0.0 0:00.00 devfreq_wq
58 root 20 0 0 0 0 S 0 0.0 0:06.87 kworker/0:1
60 root 20 0 0 0 0 S 0 0.0 0:00.05 khungtaskd
61 root 20 0 0 0 0 S 0 0.0 0:00.00 kswapd0
62 root 25 5 0 0 0 S 0 0.0 0:00.00 ksmd
63 root 39 19 0 0 0 S 0 0.0 0:00.00 khugepaged
64 root 20 0 0 0 0 S 0 0.0 0:00.00 fsnotify_mark
65 root 20 0 0 0 0 S 0 0.0 0:00.00 ecryptfs-kthrea
66 root 0 -20 0 0 0 S 0 0.0 0:00.00 crypto
77 root 0 -20 0 0 0 S 0 0.0 0:00.00 kthrotld
80 root 20 0 0 0 0 S 0 0.0 0:13.86 kworker/1:1
81 root 20 0 0 0 0 S 0 0.0 0:02.90 kworker/2:1
83 root 0 -20 0 0 0 S 0 0.0 0:00.00 binder
102 root 0 -20 0 0 0 S 0 0.0 0:00.00 deferwq
103 root 0 -20 0 0 0 S 0 0.0 0:00.00 charger_manager
104 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:2
105 root 20 0 0 0 0 S 0 0.0 0:01.52 kworker/5:1
201 root 20 0 0 0 0 S 0 0.0 0:02.35 kworker/6:1
317 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_0
318 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_1
319 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_2
320 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_3
321 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_4
322 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_5
329 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_6
330 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_7
333 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_8
334 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_9
335 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_10
336 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_11
337 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_12
338 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_13
339 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_14
340 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_15
345 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/u:14
346 root 20 0 0 0 0 S 0 0.0 0:00.96 kworker/u:15
368 root 20 0 0 0 0 S 0 0.0 0:06.54 md1_raid1
372 root 20 0 0 0 0 S 0 0.0 0:00.00 md0_raid1
381 root 20 0 0 0 0 S 0 0.0 0:03.18 kworker/4:1
382 root 20 0 0 0 0 S 0 0.0 0:01.50 kworker/7:1
383 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
390 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
401 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
408 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
415 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
423 root 0 -20 0 0 0 S 0 0.0 0:06.81 kworker/0:1H
429 root 20 0 0 0 0 S 0 0.0 0:02.62 jbd2/dm-1-8
430 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
526 root 20 0 17372 636 448 S 0 0.0 0:00.06 upstart-udev-br
528 root 20 0 21824 1616 808 S 0 0.0 0:00.04 udevd
641 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/4:1H
642 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/7:1H
739 root 20 0 21820 1200 392 S 0 0.0 0:00.00 udevd
742 root 20 0 21820 1040 236 S 0 0.0 0:00.00 udevd
765 root -51 0 0 0 0 S 0 0.0 0:00.00 irq/85-mei
781 root 0 -20 0 0 0 S 0 0.0 0:00.00 hci0
782 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/u:1H
794 root 0 -20 0 0 0 S 0 0.0 0:00.00 edac-poller
796 root 0 -20 0 0 0 S 0 0.0 0:00.00 led_workqueue
801 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/2:1H
806 root 0 -20 0 0 0 S 0 0.0 0:00.00 kpsmoused
808 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/3:1H
809 root 0 -20 0 0 0 S 0 0.0 0:00.00 hd-audio0
812 root 0 -20 0 0 0 S 0 0.0 0:00.00 hd-audio1
844 root 0 -20 0 0 0 S 0 0.0 0:00.00 kvm-irqfd-clean
866 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/3:2
870 root 0 -20 0 0 0 S 0 0.0 0:00.00 ttm_swap
903 root 0 -20 0 0 0 S 0 0.0 0:00.10 kworker/1:1H
1067 root 20 0 15196 392 196 S 0 0.0 0:00.00 upstart-socket-
1068 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/6:1H
1087 root 20 0 0 0 0 S 0 0.0 0:02.45 flush-252:3
1113 root 20 0 0 0 0 S 0 0.0 0:00.00 jbd2/md0-8
1114 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1117 root 20 0 0 0 0 S 0 0.0 0:00.00 jbd2/dm-2-8
1118 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1121 root 20 0 0 0 0 S 0 0.0 0:02.93 jbd2/dm-3-8
1122 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1128 root 20 0 0 0 0 S 0 0.0 0:01.65 flush-252:1
1133 root 20 0 0 0 0 S 0 0.0 0:00.00 jbd2/dm-4-8
1134 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1165 root 20 0 50040 2920 2316 S 0 0.0 0:00.00 sshd
1178 syslog 20 0 243m 2152 1144 S 0 0.0 0:06.10 rsyslogd
1189 messageb 20 0 23924 992 688 S 0 0.0 0:00.00 dbus-daemon
1246 root 20 0 15792 972 812 S 0 0.0 0:00.00 getty
1253 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1258 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1259 root 20 0 15792 980 812 S 0 0.0 0:00.00 getty
1262 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1269 root 20 0 4336 688 560 S 0 0.0 0:00.00 acpid
1281 root 20 0 19120 1032 796 S 0 0.0 0:00.65 cron
1282 daemon 20 0 16916 380 220 S 0 0.0 0:00.00 atd
1291 mysql 20 0 1442m 134m 8324 S 0 0.4 1:32.41 mysqld
1304 root 20 0 15988 700 516 S 0 0.0 0:17.62 irqbalance
1307 memcache 20 0 315m 1184 852 S 0 0.0 0:02.57 memcached
1322 root 20 0 93504 4600 3412 S 0 0.0 0:00.00 nfacctd
1324 root 20 0 99540 7396 5888 S 0 0.0 0:00.00 nfacctd
1325 whoopsie 20 0 181m 3624 2444 S 0 0.0 0:01.43 whoopsie
1347 root 20 0 12812 528 344 S 0 0.0 0:00.02 ossec-execd
1351 ossec 20 0 14644 2560 816 S 0 0.0 0:03.48 ossec-analysisd
1365 root 20 0 4532 572 428 S 0 0.0 0:07.04 ossec-logcollec
1389 root 20 0 5468 1816 652 S 0 0.0 0:36.70 ossec-syscheckd
1393 ossec 20 0 13076 872 584 S 0 0.0 0:00.13 ossec-monitord
1436 root 20 0 95604 6872 5712 S 0 0.0 0:02.88 pmacctd
1438 root 20 0 99476 9924 8536 S 0 0.0 0:00.65 pmacctd
1457 rabbitmq 20 0 7424 320 216 S 0 0.0 0:00.60 epmd
1480 rabbitmq 20 0 2118m 27m 2160 S 0 0.1 1:28.36 beam.smp
1606 rabbitmq 20 0 4300 352 272 S 0 0.0 0:00.00 cpu_sup
1607 rabbitmq 20 0 7388 416 332 S 0 0.0 0:00.00 inet_gethost
1608 rabbitmq 20 0 9488 616 488 S 0 0.0 0:00.00 inet_gethost
1615 root 20 0 93492 4576 3388 S 0 0.0 0:00.00 sfacctd
1618 root 20 0 99580 7388 5884 S 0 0.0 0:00.00 sfacctd
1635 ntp 20 0 37780 2248 1608 S 0 0.0 0:03.90 ntpd
1656 root 20 0 13376 732 508 S 0 0.0 0:00.01 mdadm
1718 root 20 0 183m 14m 6724 S 0 0.0 0:02.51 apache2
1724 root 20 0 215m 2080 1788 S 0 0.0 0:00.00 PassengerWatchd
1732 root 20 0 929m 2960 2084 S 0 0.0 2:14.91 PassengerHelper
1736 root 20 0 109m 9628 2264 S 0 0.0 0:00.06 ruby1.9.1
1740 nobody 20 0 165m 4664 3636 S 0 0.0 0:00.20 PassengerLoggin
1762 root 20 0 15792 972 812 S 0 0.0 0:00.00 getty
1765 www-data 20 0 185m 13m 4552 S 0 0.0 0:04.60 apache2
1766 www-data 20 0 184m 13m 4520 S 0 0.0 0:04.03 apache2
1767 www-data 20 0 184m 13m 4428 S 0 0.0 0:03.53 apache2
1768 www-data 20 0 184m 13m 4520 S 0 0.0 0:04.29 apache2
1769 www-data 20 0 184m 13m 4460 S 0 0.0 0:04.40 apache2
1785 www-data 20 0 184m 13m 4580 S 0 0.0 0:03.92 apache2
4027 www-data 20 0 184m 13m 4572 S 0 0.0 0:04.07 apache2
4207 root 19 -1 14896 1932 304 S 0 0.0 0:05.92 dema
4267 www-data 20 0 426m 102m 3892 S 0 0.3 3:02.01 ruby
4359 root 20 0 77572 3616 2804 S 0 0.0 0:00.00 sshd
4604 sensor1 20 0 77720 1776 888 S 0 0.0 0:01.07 sshd
5737 www-data 20 0 184m 13m 4572 S 0 0.0 0:03.62 apache2
6057 root 20 0 12316 1356 1144 S 0 0.0 0:00.00 sostat-redacted
6058 root 20 0 12332 1496 1264 S 0 0.0 0:00.00 sostat
6059 root 20 0 11508 820 696 S 0 0.0 0:00.00 sed
6133 root 20 0 17472 1344 944 R 0 0.0 0:00.00 top
7279 root 20 0 304m 188m 3824 S 0 0.6 0:13.40 tclsh
7282 root 20 0 121m 3772 760 S 0 0.0 0:01.02 tclsh
7283 root 20 0 121m 3572 552 S 0 0.0 0:00.00 tclsh
18658 www-data 20 0 184m 12m 3852 S 0 0.0 0:03.51 apache2
22522 root 20 0 77572 3708 2880 S 0 0.0 0:00.03 sshd
22757 root 20 0 24104 5404 1744 S 0 0.0 0:00.18 bash
22864 root 20 0 77572 3704 2880 S 0 0.0 0:00.04 sshd
23001 root 20 0 24160 5484 1764 S 0 0.0 0:00.20 bash
23118 root 20 0 77572 3704 2880 S 0 0.0 0:00.04 sshd
23255 root 20 0 24096 5372 1716 S 0 0.0 0:00.15 bash
24054 www-data 20 0 184m 11m 3040 S 0 0.0 0:03.34 apache2
25182 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/5:1H
25245 root 20 0 36868 5860 3016 S 0 0.0 0:00.07 tclsh
25247 root 20 0 7204 608 516 S 0 0.0 0:00.00 tail
29275 www-data 20 0 352m 92m 3452 S 0 0.3 0:54.65 ruby1.9.1
=========================================================================
Sguil Uncategorized Events
=========================================================================
COUNT(*)
99431
=========================================================================
Sguil events summary for yesterday
=========================================================================
Totals GenID:SigID Signature
391 1:2002028 ET CHAT IRC PONG response
260 1:2017639 ET INFO JAR Size Under 30K Size - Potentially Hostile
30 1:2002026 ET CHAT IRC PRIVMSG command
16 1:2016032 ET CURRENT_EVENTS JCE Joomla Scanner
13 1:2014520 ET INFO EXE - Served Attached HTTP
11 1:2008411 ET TROJAN LDPinch SMTP Password Report with mail client The Bat!
9 1:2014704 ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability
4 1:2017574 ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE Using Marshalled Object
Total
734
=========================================================================
Top 50 All time Sguil Events
=========================================================================
Totals GenID:SigID Signature
49618 1:2002028 ET CHAT IRC PONG response
8595 1:26557 SERVER-WEBAPP Wordpress brute-force login attempt
6032 1:2002026 ET CHAT IRC PRIVMSG command
3925 1:2000328 ET POLICY Outbound Multiple Non-SMTP Server Emails
2035 1:2101842 GPL IMAP login buffer overflow attempt
1386 1:2016983 ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013
965 1:2103134 GPL WEB_CLIENT PNG large colour depth download attempt
728 1:2103192 GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt
659 1:2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
597 1:2016670 ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException)
552 1:2016540 ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
498 1:2017639 ET INFO JAR Size Under 30K Size - Potentially Hostile
450 1:2101616 GPL DNS named version attempt
345 1:2000419 ET POLICY PE EXE or DLL Windows file download
336 1:2230003 SURICATA TLS invalid handshake message
271 1:2013115 ET WEB_SERVER Muieblackcat scanner
269 1:100000429 GPL WEB_SERVER WEB-MISC JBoss web-console access
259 1:2403301 ET CINS Active Threat Intelligence Poor Reputation IP
256 1:2003466 ET WEB_SERVER PHP Attack Tool Morfeus F Scanner
225 1:2101413 GPL SNMP private access udp
214 1:2012086 ET SHELLCODE Possible Call with No Offset TCP Shellcode
185 1:2016184 ET WEB_SERVER ColdFusion administrator access
170 1:2014520 ET INFO EXE - Served Attached HTTP
162 1:2001219 ET SCAN Potential SSH Scan
159 1:2001329 ET POLICY RDP connection request
148 1:2002334 ET CHAT Google IM traffic Jabber client sign-on
148 1:100000230 GPL CHAT MISC Jabber/Google Talk Outgoing Traffic
122 1:2002027 ET CHAT IRC PING command
111 1:2221019 SURICATA HTTP response field too long
103 1:2014020 ET WEB_SERVER Wordpress Login Bruteforcing Detected
94 1:2008176 ET WEB_SERVER Possible SQL Injection (exec)
94 1:18794 SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt
94 1:2014018 ET WEB_SERVER JBoss jmx-console Access Control Bypass Attempt
94 1:2014017 ET WEB_SERVER JBoss jmx-console Probe
85 1:2008986 ET POLICY Internal Host Retrieving External IP via whatismyip.com - Possible Infection
79 1:2003068 ET SCAN Potential SSH Scan OUTBOUND
79 1:2017590 ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA
70 1:2014704 ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability
66 1:2200029 SURICATA ICMPv6 unknown type
65 1:2017440 ET WEB_SERVER PHP SESSION SuperGlobal in URI
65 1:19553 SERVER-WEBAPP phpMyAdmin session_to_unset session variable injection attempt
53 1:2002911 ET SCAN Potential VNC Scan 5900-5920
50 1:2016032 ET CURRENT_EVENTS JCE Joomla Scanner
46 1:2100474 GPL SCAN superscan echo
43 1:2017612 ET TROJAN Kelihos p2p traffic detected via byte_test
43 1:2002024 ET CHAT IRC NICK command
42 1:2002023 ET CHAT IRC USER command
41 1:2002330 ET POLICY Google Talk TLS Client Traffic
31 1:2103007 GPL IMAP delete overflow attempt
31 1:2016992 ET WEB_SERVER WebShell Generic - *.tar.gz in POST body
Total
81897
=========================================================================
Top 50 URLs for yesterday
=========================================================================
Total
0
=========================================================================
Snorby Events Summary for yesterday
=========================================================================
Totals GenID:SigID SignatureName
260 1:2017639 ET INFO JAR Size Under 30K Size - Potentially Hostile
16 1:2016032 ET CURRENT_EVENTS JCE Joomla Scanner
13 1:2014520 ET INFO EXE - Served Attached HTTP
11 1:2008411 ET TROJAN LDPinch SMTP Password Report with mail client The Bat!
9 1:2014704 ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability
4 1:2017574 ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE Using Marshalled Object
Total
313
=========================================================================
Top 50 All Time Snorby Events
=========================================================================
Totals GenID:SigID SignatureName
7311 1:26557 SERVER-WEBAPP Wordpress brute-force login attempt
3924 1:2000328 ET POLICY Outbound Multiple Non-SMTP Server Emails
2035 1:2101842 GPL IMAP login buffer overflow attempt
1284 1:26557 SERVER-WEBAPP Wordpress brute-force login attempt
1092 1:2016983 ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013
965 1:2103134 GPL WEB_CLIENT PNG large colour depth download attempt
728 1:2103192 GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt
559 1:2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
548 1:2016670 ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException)
501 1:2016540 ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
498 1:2017639 ET INFO JAR Size Under 30K Size - Potentially Hostile
450 1:2101616 GPL DNS named version attempt
342 1:2000419 ET POLICY PE EXE or DLL Windows file download
336 1:2230003 SURICATA TLS invalid handshake message
294 1:2016983 ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013
271 1:2013115 ET WEB_SERVER Muieblackcat scanner
225 1:2101413 GPL SNMP private access udp
193 1:100000429 GPL WEB_SERVER WEB-MISC JBoss web-console access
185 1:2016184 ET WEB_SERVER ColdFusion administrator access
162 1:2001219 ET SCAN Potential SSH Scan
160 1:2012086 ET SHELLCODE Possible Call with No Offset TCP Shellcode
159 1:2001329 ET POLICY RDP connection request
142 1:2002334 ET CHAT Google IM traffic Jabber client sign-on
142 1:100000230 GPL CHAT MISC Jabber/Google Talk Outgoing Traffic
129 1:2003466 ET WEB_SERVER PHP Attack Tool Morfeus F Scanner
127 1:2003466 ET WEB_SERVER PHP Attack Tool Morfeus F Scanner
111 1:2221019 SURICATA HTTP response field too long
100 1:2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
97 1:2014520 ET INFO EXE - Served Attached HTTP
93 1:2014020 ET WEB_SERVER Wordpress Login Bruteforcing Detected
79 1:2003068 ET SCAN Potential SSH Scan OUTBOUND
79 1:2008176 ET WEB_SERVER Possible SQL Injection (exec)
79 1:18794 SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt
79 1:2014018 ET WEB_SERVER JBoss jmx-console Access Control Bypass Attempt
79 1:2014017 ET WEB_SERVER JBoss jmx-console Probe
79 1:2017590 ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA
76 1:100000429 GPL WEB_SERVER WEB-MISC JBoss web-console access
73 1:2014520 ET INFO EXE - Served Attached HTTP
70 1:2008986 ET POLICY Internal Host Retrieving External IP via whatismyip.com - Possible Infection
65 1:19553 SERVER-WEBAPP phpMyAdmin session_to_unset session variable injection attempt
65 1:2017440 ET WEB_SERVER PHP SESSION SuperGlobal in URI
60 1:2014704 ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability
54 1:2012086 ET SHELLCODE Possible Call with No Offset TCP Shellcode
53 1:2002911 ET SCAN Potential VNC Scan 5900-5920
51 1:2016540 ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
49 1:2016670 ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException)
46 1:2100474 GPL SCAN superscan echo
43 1:2403307 ET CINS Active Threat Intelligence Poor Reputation IP
43 1:2017612 ET TROJAN Kelihos p2p traffic detected via byte_test
34 1:2016032 ET CURRENT_EVENTS JCE Joomla Scanner
Total
25964
Bro is disabled.
This sostat is from the sensor:
=========================================================================
Service Status
=========================================================================
Status: HIDS
* ossec_agent (sguil)[ OK ]
Status: alasin-eth1
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (sguil)[ OK ]
* snort_agent (sguil)[ OK ]
* suricata (alert data)[ OK ]
* barnyard2 (spooler, unified2 format)[ OK ]
=========================================================================
Interface Status
=========================================================================
eth0 Link encap:Ethernet HWaddr c8:60:00:6d:b6:0d
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: fe80::ca60:ff:fe6d:b60d/64 Scope:Link
inet6 addr: xxx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:488068 errors:0 dropped:0 overruns:0 frame:0
TX packets:32041 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66349793 (66.3 MB) TX bytes:9257434 (9.2 MB)
Interrupt:18 Memory:faa00000-faa20000
eth1 Link encap:Ethernet HWaddr a0:36:9f:1d:f4:30
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:9100 Metric:1
RX packets:1569892087 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1162272191275 (1.1 TB) TX bytes:0 (0.0 B)
Memory:fa400000-fa500000
eth2 Link encap:Ethernet HWaddr a0:36:9f:1d:f4:31
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:9100 Metric:1
RX packets:1705791 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:149792028 (149.7 MB) TX bytes:0 (0.0 B)
Memory:fa300000-fa400000
lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:24134 errors:0 dropped:0 overruns:0 frame:0
TX packets:24134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9382097 (9.3 MB) TX bytes:9382097 (9.3 MB)
=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/sys_alasin-root 92G 2.3G 85G 3% /
udev 16G 4.0K 16G 1% /dev
tmpfs 6.3G 508K 6.3G 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 16G 0 16G 0% /run/shm
/dev/md0 992M 54M 887M 6% /boot
/dev/mapper/sys_alasin-home 92G 260M 87G 1% /home
/dev/mapper/sys_alasin-var 459G 403M 435G 1% /var
/dev/mapper/sys_alasin-nsm 2.1T 1.5T 475G 76% /nsm
=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1347 root 3u IPv4 11721 0t0 TCP *:22 (LISTEN)
sshd 1347 root 4u IPv6 11723 0t0 TCP *:22 (LISTEN)
ntpd 1535 ntp 16u IPv4 14383 0t0 UDP *:123
ntpd 1535 ntp 17u IPv6 14384 0t0 UDP *:123
ntpd 1535 ntp 18u IPv4 14390 0t0 UDP X.X.X.X:123
ntpd 1535 ntp 19u IPv4 14391 0t0 UDP X.X.X.X:123
ntpd 1535 ntp 20u IPv6 14392 0t0 UDP [::1]:123
ntpd 1535 ntp 21u IPv6 14393 0t0 UDP [fe80::ca60:ff:fe6d:b60d]:123
ssh 1623 root 3u IPv4 13649 0t0 TCP X.X.X.X:39628->X.X.X.X:22 (ESTABLISHED)
ssh 1623 root 4u IPv6 13668 0t0 TCP [::1]:3306 (LISTEN)
ssh 1623 root 5u IPv4 13669 0t0 TCP X.X.X.X:3306 (LISTEN)
ssh 1623 root 6u IPv4 465806 0t0 TCP X.X.X.X:3306->X.X.X.X:46553 (ESTABLISHED)
sshd 8865 root 3u IPv4 508369 0t0 TCP X.X.X.X:22->X.X.X.X:42363 (ESTABLISHED)
sshd 9213 root 3u IPv4 511317 0t0 TCP X.X.X.X:22->X.X.X.X:42586 (ESTABLISHED)
tclsh 10558 root 3u IPv4 512423 0t0 TCP X.X.X.X:54865->X.X.X.X:7736 (ESTABLISHED)
tclsh 10702 root 3u IPv4 508882 0t0 TCP X.X.X.X:54866->X.X.X.X:7736 (ESTABLISHED)
tclsh 10837 root 3u IPv4 508898 0t0 TCP X.X.X.X:54867->X.X.X.X:7736 (ESTABLISHED)
tclsh 10837 root 4u IPv4 508900 0t0 TCP X.X.X.X:8000 (LISTEN)
tclsh 10837 root 5u IPv4 515164 0t0 TCP X.X.X.X:8000->X.X.X.X:44661 (ESTABLISHED)
barnyard2 21364 root 3u IPv4 512540 0t0 TCP X.X.X.X:44661->X.X.X.X:8000 (ESTABLISHED)
barnyard2 21364 root 4u IPv4 325620 0t0 TCP X.X.X.X:46553->X.X.X.X:3306 (ESTABLISHED)
=========================================================================
IDS Rules Update
=========================================================================
Thu Oct 31 07:01:01 UTC 2013
Backing up current local_rules.xml file.
Cleaning up local_rules.xml backup files older than 30 days.
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Backing up current local.rules file before it gets overwritten.
Cleaning up local.rules backup files older than 30 days.
Sleeping for 5 minutes to allow master time to download new rules.
Copying rules from X.X.X.X.
Restarting Barnyard2.
Restarting: alasin-eth1
* stopping: barnyard2 (spooler, unified2 format)[ OK ]
* starting: barnyard2 (spooler, unified2 format)[ OK ]
Restarting IDS Engine.
Restarting: alasin-eth1
* stopping: suricata (alert data)[ OK ]
* starting: suricata (alert data)[ OK ]
=========================================================================
CPU Usage
=========================================================================
top - 14:01:55 up 1 day, 3:34, 2 users, load average: 2.81, 2.28, 2.05
Tasks: 175 total, 1 running, 174 sleeping, 0 stopped, 0 zombie
Cpu(s): 24.1%us, 0.3%sy, 0.0%ni, 74.1%id, 1.2%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 32895244k total, 32673768k used, 221476k free, 114300k buffers
Swap: 62496764k total, 0k used, 62496764k free, 19609936k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
22600 sguil 20 0 12.3g 11g 259m S 302 35.2 930:40.13 Suricata-Main
24572 sguil 20 0 105m 79m 64m S 6 0.2 51:58.21 netsniff-ng
1 root 20 0 24472 2344 1344 S 0 0.0 0:00.73 init
2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0 0.0 0:01.06 ksoftirqd/0
4 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:0
5 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/0:0H
7 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/u:0H
8 root RT 0 0 0 0 S 0 0.0 0:02.82 migration/0
9 root 20 0 0 0 0 S 0 0.0 0:00.00 rcu_bh
10 root 20 0 0 0 0 S 0 0.0 0:05.72 rcu_sched
11 root RT 0 0 0 0 S 0 0.0 0:00.16 watchdog/0
12 root RT 0 0 0 0 S 0 0.0 0:00.16 watchdog/1
13 root 20 0 0 0 0 S 0 0.0 0:01.08 ksoftirqd/1
14 root RT 0 0 0 0 S 0 0.0 0:01.12 migration/1
15 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:0
16 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/1:0H
17 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/2
18 root 20 0 0 0 0 S 0 0.0 0:01.14 ksoftirqd/2
19 root RT 0 0 0 0 S 0 0.0 0:00.55 migration/2
21 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/2:0H
22 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/3
23 root 20 0 0 0 0 S 0 0.0 0:01.23 ksoftirqd/3
24 root RT 0 0 0 0 S 0 0.0 0:01.25 migration/3
25 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/3:0
26 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/3:0H
27 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/4
28 root 20 0 0 0 0 S 0 0.0 0:00.82 ksoftirqd/4
29 root RT 0 0 0 0 S 0 0.0 0:00.61 migration/4
31 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/4:0H
32 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/5
33 root 20 0 0 0 0 S 0 0.0 0:00.78 ksoftirqd/5
34 root RT 0 0 0 0 S 0 0.0 0:00.38 migration/5
35 root 20 0 0 0 0 S 0 0.0 0:08.07 kworker/5:0
36 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/5:0H
37 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/6
38 root 20 0 0 0 0 S 0 0.0 0:00.79 ksoftirqd/6
39 root RT 0 0 0 0 S 0 0.0 0:00.25 migration/6
40 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/6:0
41 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/6:0H
42 root RT 0 0 0 0 S 0 0.0 0:00.14 watchdog/7
43 root 20 0 0 0 0 S 0 0.0 0:00.87 ksoftirqd/7
44 root RT 0 0 0 0 S 0 0.0 0:00.60 migration/7
45 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/7:0
46 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/7:0H
47 root 0 -20 0 0 0 S 0 0.0 0:00.00 cpuset
48 root 0 -20 0 0 0 S 0 0.0 0:00.00 khelper
49 root 20 0 0 0 0 S 0 0.0 0:00.00 kdevtmpfs
50 root 0 -20 0 0 0 S 0 0.0 0:00.00 netns
51 root 20 0 0 0 0 S 0 0.0 0:00.00 bdi-default
52 root 0 -20 0 0 0 S 0 0.0 0:00.00 kintegrityd
53 root 0 -20 0 0 0 S 0 0.0 0:00.00 kblockd
54 root 0 -20 0 0 0 S 0 0.0 0:00.00 ata_sff
55 root 20 0 0 0 0 S 0 0.0 0:00.00 khubd
56 root 0 -20 0 0 0 S 0 0.0 0:00.00 md
57 root 0 -20 0 0 0 S 0 0.0 0:00.00 devfreq_wq
58 root 20 0 0 0 0 S 0 0.0 0:26.15 kworker/0:1
60 root 20 0 0 0 0 S 0 0.0 0:00.01 khungtaskd
61 root 20 0 0 0 0 S 0 0.0 2:05.66 kswapd0
62 root 25 5 0 0 0 S 0 0.0 0:00.00 ksmd
63 root 39 19 0 0 0 S 0 0.0 0:00.00 khugepaged
64 root 20 0 0 0 0 S 0 0.0 0:00.00 fsnotify_mark
65 root 20 0 0 0 0 S 0 0.0 0:00.00 ecryptfs-kthrea
66 root 0 -20 0 0 0 S 0 0.0 0:00.00 crypto
77 root 0 -20 0 0 0 S 0 0.0 0:00.00 kthrotld
80 root 20 0 0 0 0 S 0 0.0 0:25.16 kworker/1:1
81 root 20 0 0 0 0 S 0 0.0 0:24.47 kworker/2:1
82 root 20 0 0 0 0 S 0 0.0 0:23.02 kworker/3:1
83 root 0 -20 0 0 0 S 0 0.0 0:00.00 binder
102 root 0 -20 0 0 0 S 0 0.0 0:00.00 deferwq
103 root 0 -20 0 0 0 S 0 0.0 0:00.00 charger_manager
104 root 20 0 0 0 0 S 0 0.0 0:21.21 kworker/4:1
192 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:2
198 root 20 0 0 0 0 S 0 0.0 0:08.12 kworker/6:1
334 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_0
335 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_1
336 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_2
337 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_3
338 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_4
339 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_5
346 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_6
347 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_7
350 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_8
351 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_9
352 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_10
353 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_11
354 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_12
355 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_13
356 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_14
357 root 20 0 0 0 0 S 0 0.0 0:00.00 scsi_eh_15
362 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/u:14
363 root 20 0 0 0 0 S 0 0.0 1:00.85 kworker/u:15
387 root 20 0 0 0 0 S 0 0.0 0:04.54 md1_raid1
391 root 20 0 0 0 0 S 0 0.0 0:00.00 md0_raid1
398 root 20 0 0 0 0 S 0 0.0 0:07.95 kworker/7:1
400 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
407 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
418 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
425 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
432 root 0 -20 0 0 0 S 0 0.0 0:00.00 kdmflush
440 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/4:1H
446 root 20 0 0 0 0 S 0 0.0 0:00.27 jbd2/dm-1-8
447 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
459 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/5:2
545 root 20 0 17372 900 532 S 0 0.0 0:00.06 upstart-udev-br
547 root 20 0 21928 1680 808 S 0 0.0 0:00.05 udevd
738 root 20 0 21860 1196 392 S 0 0.0 0:00.00 udevd
739 root 20 0 21860 1112 312 S 0 0.0 0:00.00 udevd
748 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/1:1H
749 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/2:1H
826 root 0 -20 0 0 0 S 0 0.0 0:00.00 kpsmoused
828 root -51 0 0 0 0 S 0 0.0 0:00.00 irq/120-mei
829 root 0 -20 0 0 0 S 0 0.0 0:00.00 edac-poller
854 root 0 -20 0 0 0 S 0 0.0 0:00.00 hci0
855 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/u:1H
861 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/4:2
862 root 0 -20 0 0 0 S 0 0.0 0:00.00 hd-audio0
865 root 0 -20 0 0 0 S 0 0.0 0:00.00 led_workqueue
898 root 0 -20 0 0 0 S 0 0.0 0:00.00 hd-audio1
916 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/5:1H
937 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/6:1H
1252 root 20 0 15196 392 196 S 0 0.0 0:00.00 upstart-socket-
1253 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/3:1H
1254 root 0 -20 0 0 0 S 0 0.0 0:00.00 kworker/7:1H
1275 root 20 0 0 0 0 S 0 0.0 0:09.02 flush-252:4
1298 root 20 0 0 0 0 S 0 0.0 0:00.00 jbd2/md0-8
1299 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1302 root 20 0 0 0 0 S 0 0.0 0:00.00 jbd2/dm-2-8
1303 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1306 root 20 0 0 0 0 S 0 0.0 0:00.87 jbd2/dm-3-8
1307 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1313 root 20 0 0 0 0 S 0 0.0 0:00.29 flush-252:1
1315 root 20 0 0 0 0 S 0 0.0 0:00.74 flush-252:3
1316 root 0 -20 0 0 0 S 0 0.0 0:03.80 kworker/0:1H
1320 root 20 0 0 0 0 S 0 0.0 0:03.06 jbd2/dm-4-8
1321 root 0 -20 0 0 0 S 0 0.0 0:00.00 ext4-dio-unwrit
1347 root 20 0 50040 2924 2316 S 0 0.0 0:00.06 sshd
1361 syslog 20 0 243m 1820 1144 S 0 0.0 0:00.72 rsyslogd
1376 messageb 20 0 23924 992 688 S 0 0.0 0:00.00 dbus-daemon
1429 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1436 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1441 root 20 0 15792 968 812 S 0 0.0 0:00.00 getty
1442 root 20 0 15792 972 812 S 0 0.0 0:00.00 getty
1444 root 20 0 15792 976 812 S 0 0.0 0:00.00 getty
1450 root 20 0 4336 688 560 S 0 0.0 0:00.00 acpid
1460 root 20 0 19120 1032 796 S 0 0.0 0:00.14 cron
1461 daemon 20 0 16916 380 220 S 0 0.0 0:00.00 atd
1488 root 20 0 15988 736 548 S 0 0.0 0:14.54 irqbalance
1493 root 20 0 12812 580 392 S 0 0.0 0:00.01 ossec-execd
1497 ossec 20 0 14784 2636 816 S 0 0.0 0:01.65 ossec-analysisd
1501 root 20 0 4536 572 432 S 0 0.0 0:00.04 ossec-logcollec
1511 whoopsie 20 0 181m 3620 2440 S 0 0.0 0:00.58 whoopsie
1514 root 20 0 5392 1732 652 S 0 0.0 0:31.85 ossec-syscheckd
1518 ossec 20 0 13076 872 588 S 0 0.0 0:00.05 ossec-monitord
1535 ntp 20 0 37780 2244 1608 S 0 0.0 0:02.92 ntpd
1556 root 20 0 13376 740 512 S 0 0.0 0:00.01 mdadm
1598 root 20 0 15792 972 812 S 0 0.0 0:00.00 getty
1621 root 20 0 4316 316 220 S 0 0.0 0:00.00 autossh
1623 root 20 0 42600 4204 2456 S 0 0.0 0:00.47 ssh
8865 root 20 0 77572 3712 2884 S 0 0.0 0:00.03 sshd
9115 root 20 0 23600 4880 1720 S 0 0.0 0:00.10 bash
9213 root 20 0 77572 3708 2884 S 0 0.0 0:00.04 sshd
9355 root 20 0 23608 4916 1752 S 0 0.0 0:00.10 bash
10558 root 20 0 36868 5816 2972 S 0 0.0 0:00.06 tclsh
10560 root 20 0 7204 604 516 S 0 0.0 0:00.00 tail
10702 root 20 0 36504 5260 2968 S 0 0.0 0:00.15 tclsh
10837 root 20 0 35400 4244 2936 S 0 0.0 0:00.08 tclsh
18363 root 20 0 4408 608 508 S 0 0.0 0:00.00 sh
18366 root 20 0 4408 320 220 S 0 0.0 0:00.00 sh
18371 root 20 0 4316 352 272 S 0 0.0 0:00.00 sleep
18968 root 20 0 12316 1360 1144 S 0 0.0 0:00.00 sostat-redacted
18969 root 20 0 12332 1492 1264 S 0 0.0 0:00.00 sostat
18970 root 20 0 11508 820 696 S 0 0.0 0:00.00 sed
19082 root 20 0 17340 1324 944 R 0 0.0 0:00.00 top
21364 root 20 0 209m 110m 1852 S 0 0.3 0:48.81 barnyard2
=========================================================================
Log Archive
=========================================================================
/nsm/sensor_data/alasin-eth1/dailylogs/
1.5T .
951G ./2013-10-30
512G ./2013-10-31
/nsm/bro/logs/
27M .
27M ./stats
=========================================================================
IDS Engine (suricata) packet drops
=========================================================================
/nsm/sensor_data/alasin-eth1/stats.log
tcp.ssn_memcap_drop | RxPFReth14 | 0
tcp.segment_memcap_drop | RxPFReth14 | 0
=========================================================================
pf_ring stats
=========================================================================
Appl. Name : Suricata
Tot Packets : 114936119
Tot Pkt Lost : 3760316
TX: Send Errors : 0
Reflect: Fwd Errors: 0
Appl. Name : Suricata
Tot Packets : 117013793
Tot Pkt Lost : 2867566
TX: Send Errors : 0
Reflect: Fwd Errors: 0
Appl. Name : Suricata
Tot Packets : 115391287
Tot Pkt Lost : 2589871
TX: Send Errors : 0
Reflect: Fwd Errors: 0
Appl. Name : Suricata
Tot Packets : 113070795
Tot Pkt Lost : 2311906
TX: Send Errors : 0
Reflect: Fwd Errors: 0
=========================================================================
Netsniff-NG - Reported Packet Loss (per interval)
=========================================================================
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278191 Lost: -1426
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +276570 Lost: -17096
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +280836 Lost: -7588
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282137 Lost: -2770
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302160 Lost: -1028
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +317443 Lost: -7
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282433 Lost: -56458
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +213715 Lost: -33245
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +259996 Lost: -14
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312102 Lost: -9977
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307353 Lost: -542
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304007 Lost: -3819
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +315961 Lost: -2003
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309167 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301961 Lost: -39824
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +214228 Lost: -34124
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312291 Lost: -8843
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +310884 Lost: -4698
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +241991 Lost: -13960
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +240177 Lost: -9259
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296347 Lost: -639
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302782 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298342 Lost: -87
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +303035 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300948 Lost: -14508
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296167 Lost: -2957
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289501 Lost: -2157
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287616 Lost: -8124
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +276387 Lost: -11255
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278012 Lost: -3350
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +281113 Lost: -3733
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +279219 Lost: -9700
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +272183 Lost: -691
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +280690 Lost: -2987
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271187 Lost: -4370
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +272785 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285372 Lost: -35217
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +216594 Lost: -35998
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +228129 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305955 Lost: -1470
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297877 Lost: -4471
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +267580 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293877 Lost: -1074
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307371 Lost: -3976
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304356 Lost: -5595
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289821 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +290085 Lost: -240
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +320351 Lost: -2650
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309728 Lost: -8059
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304324 Lost: -2092
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294291 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +280421 Lost: -1881
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277650 Lost: -3529
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283657 Lost: -4591
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282109 Lost: -2821
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283945 Lost: -1251
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286172 Lost: -41547
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +211416 Lost: -41116
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +222047 Lost: -1412
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285705 Lost: -2060
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282249 Lost: -3024
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +284031 Lost: -3037
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +280952 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286201 Lost: -159
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +279504 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302801 Lost: -12527
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305036 Lost: -1855
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294254 Lost: -4229
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287185 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296266 Lost: -2521
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286078 Lost: -388
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +267585 Lost: -37381
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +253866 Lost: -20226
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +262604 Lost: -4425
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297617 Lost: -13150
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287811 Lost: -6353
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297049 Lost: -1184
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299004 Lost: -9219
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297084 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288069 Lost: -20910
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306017 Lost: -4201
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297380 Lost: -1480
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277078 Lost: -197
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +275675 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301191 Lost: -3115
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296232 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305568 Lost: -846
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294586 Lost: -5
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307067 Lost: -342
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305729 Lost: -7220
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +323874 Lost: -2533
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302798 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307143 Lost: -668
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293907 Lost: -50538
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +211531 Lost: -32206
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297915 Lost: -20545
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +315469 Lost: -5011
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300813 Lost: -5370
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301647 Lost: -5034
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285779 Lost: -1381
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296757 Lost: -1994
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283469 Lost: -27803
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297608 Lost: -20259
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309401 Lost: -16617
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298599 Lost: -9243
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299207 Lost: -15700
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299734 Lost: -19241
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297446 Lost: -17130
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306384 Lost: -13271
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300110 Lost: -16266
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301729 Lost: -11876
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306835 Lost: -16003
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316737 Lost: -26713
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307274 Lost: -19412
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306721 Lost: -43584
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316095 Lost: -13419
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307151 Lost: -13070
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312616 Lost: -19750
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +313143 Lost: -10948
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +313858 Lost: -8530
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298315 Lost: -9910
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +315792 Lost: -11682
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +311230 Lost: -17693
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312006 Lost: -20526
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302533 Lost: -14046
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304048 Lost: -14099
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304691 Lost: -18998
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304284 Lost: -6350
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304804 Lost: -13439
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305671 Lost: -13571
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307488 Lost: -9412
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307297 Lost: -12454
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305386 Lost: -16029
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +253128 Lost: -61434
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +234078 Lost: -56535
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +281624 Lost: -15943
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314212 Lost: -9969
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +315373 Lost: -11998
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316684 Lost: -15763
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312273 Lost: -15430
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306951 Lost: -12003
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308861 Lost: -16615
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +311796 Lost: -14854
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +313543 Lost: -12540
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309231 Lost: -18597
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +315505 Lost: -16001
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307841 Lost: -7718
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +311062 Lost: -9205
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314989 Lost: -8760
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307745 Lost: -11932
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314940 Lost: -16412
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309289 Lost: -11993
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306935 Lost: -12499
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309759 Lost: -15172
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309364 Lost: -12136
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308710 Lost: -8910
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306207 Lost: -11895
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305387 Lost: -10996
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308845 Lost: -8927
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +313056 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314075 Lost: -7485
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306929 Lost: -2805
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308761 Lost: -948
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316764 Lost: -7283
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309669 Lost: -4922
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301873 Lost: -3141
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299672 Lost: -2277
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299078 Lost: -108
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +252543 Lost: -51587
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +215451 Lost: -37699
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271899 Lost: -2645
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305555 Lost: -1432
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296905 Lost: -3210
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300345 Lost: -644
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314614 Lost: -2315
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308068 Lost: -1931
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +313501 Lost: -4457
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +311404 Lost: -900
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294386 Lost: -14680
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +275326 Lost: -4619
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +253776 Lost: -13835
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +244273 Lost: -14563
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307072 Lost: -3678
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283796 Lost: -3397
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277623 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301379 Lost: -1588
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288150 Lost: -3721
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271086 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289291 Lost: -649
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277289 Lost: -1542
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +310306 Lost: -974
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +325360 Lost: -919
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271329 Lost: -50035
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +211698 Lost: -32229
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +264247 Lost: -7
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305412 Lost: -13442
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282015 Lost: -14036
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285053 Lost: -15114
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302093 Lost: -536
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282427 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293624 Lost: -6532
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +274252 Lost: -4785
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +272610 Lost: -3992
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +276716 Lost: -5069
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +280746 Lost: -2054
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +270388 Lost: -5237
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +269188 Lost: -5713
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +249647 Lost: -3489
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286474 Lost: -4238
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +273569 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298003 Lost: -59640
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +212014 Lost: -29810
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +295932 Lost: -10632
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296145 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299047 Lost: -11483
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287833 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293143 Lost: -7576
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305017 Lost: -966
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288588 Lost: -260
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +295602 Lost: -9767
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +297280 Lost: -2304
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300234 Lost: -369
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294018 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +310247 Lost: -35709
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +236896 Lost: -37296
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +255693 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312606 Lost: -13142
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293117 Lost: -1557
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287758 Lost: -1730
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +274689 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300226 Lost: -327
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302212 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283438 Lost: -15177
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282412 Lost: -4074
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +270416 Lost: -63133
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +219773 Lost: -45046
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +248028 Lost: -1005
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +292630 Lost: -18642
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286655 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +295691 Lost: -2755
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301719 Lost: -4417
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296012 Lost: -5568
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +292333 Lost: -3879
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286075 Lost: -4451
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288863 Lost: -4219
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +279848 Lost: -5873
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287182 Lost: -741
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286802 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285165 Lost: -4629
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271907 Lost: -15779
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288592 Lost: -1593
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +273989 Lost: -14299
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278336 Lost: -4090
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +287023 Lost: -6882
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288005 Lost: -3962
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289783 Lost: -3543
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288358 Lost: -1462
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285848 Lost: -979
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293657 Lost: -4510
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +291093 Lost: -1345
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +295369 Lost: -11978
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282619 Lost: -15993
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +282707 Lost: -2801
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278634 Lost: -924
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277238 Lost: -3179
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286594 Lost: -2462
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +279969 Lost: -5330
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +276700 Lost: -7120
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +276913 Lost: -8419
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +277375 Lost: -11095
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +262311 Lost: -56999
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +214796 Lost: -32964
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +224085 Lost: -9445
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278066 Lost: -3156
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286306 Lost: -4378
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +270489 Lost: -26449
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +258374 Lost: -31886
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +247302 Lost: -24128
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +246182 Lost: -16836
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +243161 Lost: -10967
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +248630 Lost: -12378
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +246976 Lost: -12698
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +244317 Lost: -24278
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +255667 Lost: -22058
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +248554 Lost: -14896
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +258765 Lost: -9175
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +274512 Lost: -6757
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +269364 Lost: -9039
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +271796 Lost: -12489
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +281236 Lost: -9579
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +275089 Lost: -8816
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +267173 Lost: -4484
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +260552 Lost: -9908
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +267798 Lost: -13859
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285864 Lost: -4028
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +278542 Lost: -4961
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +284206 Lost: -7282
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +264457 Lost: -3213
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283526 Lost: -1203
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +319791 Lost: -3805
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +312079 Lost: -1
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316458 Lost: -3476
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300206 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +316674 Lost: -1606
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +263152 Lost: -47232
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +216945 Lost: -38416
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +318494 Lost: -11575
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +314657 Lost: -2813
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +322301 Lost: -77
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309590 Lost: -2150
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +261969 Lost: -24645
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +252860 Lost: -8891
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +269290 Lost: -11333
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +305254 Lost: -5987
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298456 Lost: -1113
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +323550 Lost: -22368
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +317758 Lost: -590
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296086 Lost: -2
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309785 Lost: -62327
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +215178 Lost: -28678
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300227 Lost: -8026
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +285541 Lost: -2903
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300324 Lost: -4784
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301541 Lost: -4895
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +291743 Lost: -10815
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289629 Lost: -1252
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +290816 Lost: -5728
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +303922 Lost: -5457
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296953 Lost: -5970
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300260 Lost: -4195
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +290901 Lost: -16200
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +289460 Lost: -8735
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293567 Lost: -7887
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +301324 Lost: -5004
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +298053 Lost: -8733
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +292775 Lost: -7798
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +294286 Lost: -1198
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +308244 Lost: -3522
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +292044 Lost: -7740
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +259587 Lost: -57955
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +216799 Lost: -54709
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +268750 Lost: -2911
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +286881 Lost: -3625
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +293512 Lost: -10458
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +283305 Lost: -5712
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +296174 Lost: -3732
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +307773 Lost: -5136
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +304248 Lost: -1543
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +300970 Lost: -20551
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +292957 Lost: -6244
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +302460 Lost: -8001
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +309928 Lost: -6201
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +295526 Lost: -743
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288504 Lost: -11060
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +290238 Lost: -4083
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +288106 Lost: -4397
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +299471 Lost: -572
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +303699 Lost: -3729
File: /var/log/nsm/alasin-eth1/netsniff-ng.log Processed: +306821 Lost: -8473
Me too, I hate top-posting. :)
> >> What ruleset are you using?
> > Prepping rules from snortrules-snapshot-2953.tar.gz for work....
> > Prepping rules from emerging.rules.tar.gz for work....
> Running both rulesets results in a LOT of rules. Make sure you're
> only running those rules that actually apply to your environment and
> provide actionable intelligence. Otherwise, you may be overwhelming
> your sensor(s) and/or your analyst(s).
Yes, of course. I have a quite elaborate disablesid.conf
and threshold.conf because we have a LOT of different hosted sites,
and going with defaults produced a shocking amount of noise.
That was no surprise, though. Now our setup is quite decent,
and we really only get mostly meaningful alerts. Of course
99% of those are still false alerts, because we see lots
of SQL injection and PHP vulnerability scanning on systems
that are not vulnerable.
> My guess would be that somehow barnyard2 is not restarting properly on
> the sensor when the new ruleset gets copied over. I'd recommend
> looking at /var/log/nsm/pulledpork.log on the sensor for any errors.
To me it seems quite normal. For example, the most recent entry:
Tue Nov 5 07:01:01 UTC 2013
Backing up current local_rules.xml file.
Cleaning up local_rules.xml backup files older than 30 days.
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Backing up current local.rules file before it gets overwritten.
Cleaning up local.rules backup files older than 30 days.
Sleeping for 5 minutes to allow master time to download new rules.
Copying rules from 10.31.36.16.
Restarting Barnyard2.
Restarting: alasin-eth1
stopping: barnyard2 (spooler, unified2 format) [ OK ]
starting: barnyard2 (spooler, unified2 format) [ OK ]
Restarting IDS Engine.
Restarting: alasin-eth1
stopping: suricata (alert data) [ OK ]
starting: suricata (alert data) [ OK ]
Would it be beneficial to sleep a while to let Barnyard2 settle a bit
before restarting Suricata? The barnyard2 process is always using up
quite a lot of CPU time for a while after [re]starting.
I really have no clue why those non-meaningful alerts are appearing.
At least I now have a tool to fix those afterwards. Sigh.
Any ideas?
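
The clean-up this thread describes (replacing stored "Snort Alert [x:y]" names with the rule's real msg), as an added Python sketch that is not the script attached to the original post. The rule lines, row ids and function names are constructed for illustration, and the parser assumes one rule per line.

```python
import re

# Generic name quoted in this thread: "Snort Alert [x:y]", read here as gid:sid.
# Tolerating an optional third field (revision) is an assumption.
GENERIC_RE = re.compile(r"^Snort Alert \[(\d+):(\d+)(?::\d+)?\]$")
ACTION_RE = re.compile(r"(?:alert|drop|pass|reject|log|sdrop)\b")
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")


def parse_rule(line):
    """Return ((gid, sid), msg) for a rule line, or None for anything else.

    Commented-out rules are parsed too: a rule disabled today (for example
    through disablesid.conf) may still have older alerts stored against it.
    """
    text = line.strip()
    if text.startswith("#"):
        text = text.lstrip("#").strip()
    if not ACTION_RE.match(text):
        return None  # prose comment or blank line
    start, end = text.find("("), text.rfind(")")
    if start == -1 or end <= start:
        return None
    body = text[start + 1:end]
    msg, sid = MSG_RE.search(body), SID_RE.search(body)
    if not msg or not sid:
        return None
    gid = GID_RE.search(body)
    key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # gid defaults to 1
    return key, re.sub(r"\\(.)", r"\1", msg.group(1))  # undo \" \; \\ escapes


def build_sid_map(rules_text):
    """Map (gid, sid) -> msg; the first occurrence of a key wins."""
    sid_map = {}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed:
            sid_map.setdefault(parsed[0], parsed[1])
    return sid_map


def plan_updates(rows, sid_map):
    """Split generic-named rows into fixable and unresolved.

    rows: iterable of (row_id, signature_text) as read from the alert store.
    Nothing is written; the caller decides how to apply the fixes.
    """
    fixes, unresolved = [], []
    for row_id, signature in rows:
        m = GENERIC_RE.match(signature)
        if not m:
            continue  # already has a meaningful description
        key = (int(m.group(1)), int(m.group(2)))
        if key in sid_map:
            fixes.append((row_id, signature, sid_map[key]))
        else:
            unresolved.append((row_id, signature))
    return fixes, unresolved


# Constructed sample rules (not taken from any real ruleset).
SAMPLE_RULES = r'''
# This is a prose comment that mentions sid:1; and msg:"not a rule";
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE SQL injection probe in URI"; flow:established,to_server; content:"union"; nocase; sid:9000001; rev:2;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled rule \"quoted\""; sid:9000002; rev:1;)
alert ( msg:"EXAMPLE preprocessor event"; sid:7; gid:120; rev:1; )
'''

# Constructed sample rows: (row id, stored description).
SAMPLE_ROWS = [
    (101, "EXAMPLE SQL injection probe in URI"),
    (102, "Snort Alert [1:9000001]"),
    (103, "Snort Alert [120:7]"),
    (104, "Snort Alert [1:9000002]"),
    (105, "Snort Alert [1:424242]"),
]

if __name__ == "__main__":
    fixes, unresolved = plan_updates(SAMPLE_ROWS, build_sid_map(SAMPLE_RULES))
    for row_id, old, new in fixes:
        print(f"{row_id}: {old!r} -> {new!r}")
    for row_id, old in unresolved:
        print(f"{row_id}: {old!r} has no matching rule")
```

Rows left in the unresolved list point at SIDs that are absent from the rule files that were parsed, which is worth checking before anything is rewritten.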