suricata 0.2.1 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b39b7f8d5f35c88d47470c8522f3876d1aa0fd91
-  data.tar.gz: c739e4b101f9258a78482ba924a55eaa511e6bcb
+  metadata.gz: 23facf078e973ea4a2a3f829ac363ab7a04ffe68
+  data.tar.gz: 37b07b5b458de9354fe3207e8c1d632ba2e1a802
 SHA512:
-  metadata.gz: bf9197361545ba0ba9d964c720aea5530541059c4fc8c59a507be4c4d0a5653f72e1243a4adf435f212035481c9b54ea7444d05ded48630fc688d55c32c17760
-  data.tar.gz: d7cd195979fc17983a8e337bcdfb8824e43d0478e7ce52f0e19e0874bdf74bc3affa5c670447d135c6b9095fd2fbdd6785959a9e624079f6042d3a4ce7d967b4
+  metadata.gz: 07b2718ec993525bfb416686758af07a9df748550e334549c7175ec6d2d5ed8d8e1e27f737cccd61aa7996b6ed84945dfed1369407f58c8499856ba46e3a87a4
+  data.tar.gz: 9e4d48806d18f31b4470416e186295b9873b4111aa2ab47822c1039fa1c251baaad5b794052af67fafbbf2f32649f938eaca8727932131cfef61bc3d2bb77f02

data/README.md

@@ -31,7 +31,7 @@ Or install it yourself as:
 This gem comes with a Nagios-plugin to search suricata's fast-logfile for specific strings in the threat-description.
 
 ```
-Usage: check_suricata.rb [ -a alertfile ] [ -w whitelistfile ] -e searchstring
+Usage: check_suricata [ -a alertfile ] [ -w whitelistfile ] -e searchstring
     -h, --help                       This help screen
     -a, --alertfile ALERTFILE        alertfile(default: /var/log/suricata/fast.log)
     -w, --whitelist WHITELISTFILE    whitelistfile
@@ -42,7 +42,7 @@ Usage: check_suricata.rb [ -a alertfile ] [ -w whitelistfile ] -e searchstring
 
 It is possible to interactively acknowlege search hits so that they will not occur on the next search:
 ```
-check_suricata.rb -i -e "ET CHAT"                                                                                                                                               
+check_suricata -i -e "ET CHAT"                                                                                                                                               
 Acknowlege the following entry:
 10/04/2016-13:39:45.498785 [**] [1:2001595:10] ET CHAT Skype VOIP Checking Version (Startup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.1:40460 -> 15.14.13.12:80
 Acknowlege(y|n): y
@@ -51,6 +51,58 @@ Acknowlege the following entry:
 Acknowlege(y|n): n
 ```
 
+### Logfile Analyzer
+
+This gem comes with a logfile analyzer for suricata's fast.log. It's very easy to use and meant for using as a daily cronjob
+```
+Usage: surilizer.rb <fast.log | fast.log* | fast.log fast.2.log fast.3.log.gz >
+
+surilizer.rb misc/fast.log
+
+======== Suricata Log Analysis ========
+Events: 11
+Unique Sources: 3
+Unique Events: 6
+
+======== Unique Events =========
+
+PRIORITY	| DESCRIPTION 
+1		| ET POLICY Cleartext WordPress Login
+1		| ET POLICY Http Client Body contains pwd= in cleartext
+1		| ET CHAT Skype VOIP Checking Version (Startup)
+2		| ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 339
+3		| GPL CHAT Jabber/Google Talk Outgoing Traffic
+3		| SURICATA TCPv4 invalid checksum
+
+======== Eventy by source ========
+Source: 192.168.0.1
+	-> 8.8.8.8
+		1 x ET POLICY Cleartext WordPress Login Prio: 1
+	-> 8.8.8.1
+		1 x ET POLICY Http Client Body contains pwd= in cleartext Prio: 1
+	-> 4.3.2.1
+		1 x SURICATA TCPv4 invalid checksum Prio: 3
+	-> 15.14.13.12
+		1 x ET CHAT Skype VOIP Checking Version (Startup) Prio: 1
+	-> 8.4.3.7
+		1 x GPL CHAT Jabber/Google Talk Outgoing Traffic Prio: 3
+	-> 1.2.3.22
+		2 x SURICATA TCPv4 invalid checksum Prio: 3
+	-> 100.254.198.10
+		1 x ET CHAT Skype VOIP Checking Version (Startup) Prio: 1
+
+Source: 212.69.166.153
+	-> 1.2.3.4
+		1 x ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 339 Prio: 2
+
+Source: 10.12.32.6
+	-> 42.42.42.42
+		1 x SURICATA TCPv4 invalid checksum Prio: 3
+	-> 9.1.2.1
+		1 x SURICATA TCPv4 invalid checksum Prio: 3
+
+```
+
 ## Documentation
 
 [rubydoc.info](http://www.rubydoc.info/github/whotwagner/suricata/master)

data/exe/surilizer.rb

@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'suricata/surilizer'
+
+def usage(prognam)
+	puts "Usage: #{prognam} <fast.log | fast.log.gz | fast.log fast.log.1.gz fast.log2.gz fast3.log>"
+	exit 0
+end
+
+begin
+usage($PROGRAM_NAME) if ARGV.length == 0
+	surilizer = Suricata::Surilizer.new()
+
+	ARGV.each do |f|
+		if f =~ /.*.gz$/
+			Zlib::GzipReader.open(f) {|gz|
+				  surilizer.logfile = Suricata::Logfile.new(nil,false,gz)
+				  surilizer.analyze
+				  surilizer.logfile.close
+			}
+		else
+			surilizer.logfile = Suricata::Logfile.new(f)
+			surilizer.analyze
+			surilizer.logfile.close
+		end
+	end
+	surilizer.result
+rescue Errno::ENOENT => e
+	puts "#{e.message}\n"
+	exit 1
+end

data/lib/suricata/fast.rb

@@ -71,6 +71,10 @@ def parse(string)
 
 end
 
+def getThreat
+	return [ @description, @priority, @classification ]
+end
+
 # this function converts the parsed entry back to string
 # @return [String] converted string
 def to_s

data/lib/suricata/logfile.rb

@@ -41,12 +41,14 @@ attr_reader :file, :line
 # constructor
 # @param [String] logfile path and filename of the logfile
 # @param [Boolean] autoopen calls open if true(default: true)
-def initialize(logfile,autoopen=true)
+def initialize(logfile,autoopen=true,file=nil)
 	@logfile = logfile
 	@parser = Suricata::Fast.new
 
 	if autoopen == true
 		open
+	else
+		@file = file if not file.nil?
 	end
 end
 
@@ -89,6 +91,13 @@ def readline_parse
 end
 
 # this method reads a line of the logfile
+#
+# @example readline with a block
+#   log = Suricata::Logfile.new("misc/fast.log")
+#   log.readline do |n|
+#      puts n
+#   end
+#
 # @return [String] line current logfile entry
 # @return [Boolean] false when EOF reached
 # @yieldparam [String] @line current logfile entry

data/lib/suricata/surilizer.rb

@@ -0,0 +1,120 @@
+module Suricata
+
+require 'suricata/logfile'
+
+class Counter
+attr_reader :count
+
+def initialize(start=0)
+@count = start
+end
+
+def increase
+@count += 1
+end
+
+def to_s
+	"#{@count}"
+end
+
+end
+
+
+#
+# [src-ip][counter]
+# [src-ip][dst]
+# [src-ip][dst][counter]
+# [src-ip][dst][desc][counter]
+class Surilizer
+
+attr_accessor :logfile
+attr_reader :src, :lines
+
+def initialize(file = nil)
+
+	@logfile = Suricata::Logfile.new(file) if not file.nil?
+	@src = Hash.new
+	@dst = Hash.new
+	@lines = Counter.new
+end
+
+
+
+def analyze()
+	@logfile.readline_parse do |entry|
+		@lines.increase
+		addCounter(@src,entry.conn.src)
+		addEntry(@src[entry.conn.src],'dst',Hash)
+		addCounter(@src[entry.conn.src]['dst'],entry.conn.dst)
+		addEntry(@src[entry.conn.src]['dst'][entry.conn.dst],'desc',Hash)
+		addCounter(@src[entry.conn.src]['dst'][entry.conn.dst]['desc'],entry.description)
+		@src[entry.conn.src]['dst'][entry.conn.dst]['desc'][entry.description]['prio'] = entry.priority
+		@src[entry.conn.src]['dst'][entry.conn.dst]['desc'][entry.description]['class'] = entry.classification
+	end
+
+
+end
+
+def getUniqEvents
+	a = Array.new
+	@src.each do |key,val|
+		val['dst'].each do  |keya,vala|
+		val['dst'][keya]['desc'].each do  |keyb,valb|
+			a.push([keyb,val['dst'][keya]['desc'][keyb]['prio']])
+		end
+
+		end
+	end
+
+	return a.uniq
+end
+
+def result
+	events = getUniqEvents
+	puts "======== Suricata Log Analysis ========"
+	puts "Events: #{@lines}"
+	puts "Unique Sources: #{@src.length}"
+	puts "Unique Events: #{events.length}"
+	puts "\n"
+	puts "======== Unique Events ========="
+	puts "\n"
+	puts "PRIORITY\t| DESCRIPTION "
+	events.sort{ |x,y| x[1] <=> y[1]}.each do |e|
+		puts "#{e[1]}\t\t| #{e[0]}"
+	end
+	puts "\n"
+
+	puts "======== Eventy by source ========"
+	@src.each do |key,val|
+		puts "Source: #{key}"
+		val['dst'].each do  |keya,vala|
+		puts "\t-> #{keya}\n"
+		val['dst'][keya]['desc'].each do  |keyb,valb|
+			puts "\t\t#{valb['counter'].count} x #{keyb} Prio: #{valb['prio']}\n"
+		end
+
+		end
+		puts ""
+	end
+
+end
+
+private
+def addCounter(val,entry)
+		if not val.key?(entry)
+			val[entry] = Hash.new
+			val[entry]['counter'] = Counter.new(1)
+		else
+			val[entry]['counter'].increase
+		end
+end
+
+def addEntry(val,entry,type)
+	if not val.key?(entry)
+		val[entry] = type.new
+	end
+end
+
+end
+
+end

data/lib/suricata/version.rb

@@ -21,5 +21,5 @@
 
 module Suricata
 # yes, this is the version
-  VERSION = "0.2.1"
+  VERSION = "0.3.1"
 end

data/lib/suricata.rb

@@ -3,4 +3,5 @@ require "suricata/fast"
 require "suricata/connection"
 require "suricata/logfile"
 require "suricata/nagios"
+require "suricata/surilizer"
 

data/misc/fast.log.1

@@ -0,0 +1,151 @@
+10/06/2016-07:14:39.186933  [**] [1:2500034:4093] ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 183.129.160.229:16192 -> 192.168.0.5:80
+10/06/2016-09:44:22.405503  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:61214 -> 213.185.164.216:80
+10/06/2016-09:59:15.555306  [**] [1:2019401:14] ET POLICY Vulnerable Java Version 1.8.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.27:49286 -> 23.37.43.27:80
+10/06/2016-09:59:15.647027  [**] [1:2019401:14] ET POLICY Vulnerable Java Version 1.8.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.27:49288 -> 23.37.43.27:80
+10/06/2016-10:00:47.457385  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:59845 -> 172.217.21.98:443
+10/06/2016-10:00:47.458093  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.217.21.98:443 -> 192.168.0.13:59845
+10/06/2016-10:00:47.518407  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:59847 -> 185.33.220.5:443
+10/06/2016-10:00:47.518947  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 185.33.220.5:443 -> 192.168.0.13:59847
+10/06/2016-10:01:22.040337  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49760 -> 195.182.26.70:443
+10/06/2016-10:01:22.092234  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49760
+10/06/2016-10:01:22.984315  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49762 -> 195.182.26.70:443
+10/06/2016-10:01:23.032643  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49762
+10/06/2016-10:01:23.500111  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49764 -> 195.182.26.70:443
+10/06/2016-10:01:23.547588  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49764
+10/06/2016-10:01:23.777248  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49766 -> 195.182.26.70:443
+10/06/2016-10:01:23.826879  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49766
+10/06/2016-10:01:25.072561  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49768 -> 195.182.26.70:443
+10/06/2016-10:01:25.122716  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49768
+10/06/2016-10:01:39.295768  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49774 -> 195.182.26.70:443
+10/06/2016-10:01:39.343762  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49774
+10/06/2016-10:01:43.694306  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49776 -> 195.182.26.70:443
+10/06/2016-10:01:43.743578  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49776
+10/06/2016-10:01:46.065983  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49779 -> 195.182.26.70:443
+10/06/2016-10:01:46.115559  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49779
+10/06/2016-10:44:22.352988  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:62401 -> 213.185.164.216:80
+10/06/2016-11:24:34.439602  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50361 -> 195.182.26.70:443
+10/06/2016-11:24:34.490234  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50361
+10/06/2016-11:24:34.952874  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50363 -> 195.182.26.70:443
+10/06/2016-11:24:35.003259  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50363
+10/06/2016-11:24:35.398791  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50365 -> 195.182.26.70:443
+10/06/2016-11:24:35.688142  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50367 -> 195.182.26.70:443
+10/06/2016-11:24:35.454109  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50365
+10/06/2016-11:24:35.739529  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50367
+10/06/2016-11:24:41.738544  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50369 -> 195.182.26.70:443
+10/06/2016-11:24:41.787304  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50369
+10/06/2016-11:24:44.080325  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50372 -> 195.182.26.70:443
+10/06/2016-11:24:44.130042  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50372
+10/06/2016-11:24:44.809038  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50374 -> 195.182.26.70:443
+10/06/2016-11:24:44.856946  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50374
+10/06/2016-11:25:39.392733  [**] [1:2402000:4200] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 71.6.216.43:443 -> 192.168.0.5:443
+10/06/2016-11:25:39.392733  [**] [1:2403302:2973] ET CINS Active Threat Intelligence Poor Reputation IP group 3 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 71.6.216.43:443 -> 192.168.0.5:443
+10/06/2016-11:33:03.671111  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50682 -> 195.182.26.70:443
+10/06/2016-11:33:03.719371  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50682
+10/06/2016-11:33:04.211684  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50684 -> 195.182.26.70:443
+10/06/2016-11:33:04.260356  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50684
+10/06/2016-11:33:04.869569  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50686 -> 195.182.26.70:443
+10/06/2016-11:33:04.919184  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50686
+10/06/2016-11:33:05.779465  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50688 -> 195.182.26.70:443
+10/06/2016-11:33:05.790281  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50688
+10/06/2016-11:33:08.934400  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50690 -> 195.182.26.70:443
+10/06/2016-11:33:08.981786  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50690
+10/06/2016-11:38:43.580726  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50707 -> 195.182.26.70:443
+10/06/2016-11:38:43.630861  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50707
+10/06/2016-11:42:45.210344  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50744 -> 195.182.26.70:443
+10/06/2016-11:42:45.260877  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50744
+10/06/2016-11:42:45.503674  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50746 -> 195.182.26.70:443
+10/06/2016-11:42:45.554973  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50746
+10/06/2016-11:42:45.813082  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50748 -> 195.182.26.70:443
+10/06/2016-11:42:45.862735  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50748
+10/06/2016-11:42:46.106513  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50750 -> 195.182.26.70:443
+10/06/2016-11:42:46.364219  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50752 -> 195.182.26.70:443
+10/06/2016-11:42:46.411981  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50752
+10/06/2016-11:42:46.155033  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50750
+10/06/2016-11:42:53.320067  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50756 -> 195.182.26.70:443
+10/06/2016-11:42:53.370898  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50756
+10/06/2016-11:42:53.711102  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50758 -> 195.182.26.70:443
+10/06/2016-11:42:53.721841  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50758
+10/06/2016-11:42:54.872327  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50760 -> 195.182.26.70:443
+10/06/2016-11:42:54.923655  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50760
+10/06/2016-11:44:22.320503  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63642 -> 213.185.164.216:80
+10/06/2016-11:46:51.362738  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50798 -> 195.182.26.70:443
+10/06/2016-11:46:51.412815  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50798
+10/06/2016-11:54:23.928145  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63864 -> 213.185.164.216:80
+10/06/2016-11:54:44.314769  [**] [1:2015561:2] ET INFO PDF Using CCITTFax Filter [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 87.106.10.40:80 -> 192.168.0.13:62018
+10/06/2016-11:55:37.777647  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63876 -> 213.185.164.216:80
+10/06/2016-12:42:18.524190  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50701 -> 195.182.26.70:443
+10/06/2016-12:42:18.572171  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50701
+10/06/2016-12:42:18.878037  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50703 -> 195.182.26.70:443
+10/06/2016-12:42:18.926799  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50703
+10/06/2016-12:42:19.574259  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50705 -> 195.182.26.70:443
+10/06/2016-12:42:19.626434  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50705
+10/06/2016-12:42:20.022120  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50707 -> 195.182.26.70:443
+10/06/2016-12:42:20.072932  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50707
+10/06/2016-12:42:20.339976  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50709 -> 195.182.26.70:443
+10/06/2016-12:42:20.389370  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50709
+10/06/2016-12:42:25.100167  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50712 -> 195.182.26.70:443
+10/06/2016-12:42:25.151540  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50712
+10/06/2016-12:42:27.593697  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50715 -> 195.182.26.70:443
+10/06/2016-12:42:27.641473  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50715
+10/06/2016-12:49:46.811236  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.17:58206 -> 136.243.54.218:443
+10/06/2016-12:49:46.834430  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 136.243.54.218:443 -> 192.168.0.17:58206
+10/06/2016-12:49:48.305316  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.17:58275 -> 37.252.172.70:443
+10/06/2016-12:49:48.540260  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 37.252.172.70:443 -> 192.168.0.17:58275
+10/06/2016-13:55:27.681946  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51297 -> 195.182.26.70:443
+10/06/2016-13:55:27.733038  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51297
+10/06/2016-13:55:28.007280  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51299 -> 195.182.26.70:443
+10/06/2016-13:55:28.055659  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51299
+10/06/2016-13:55:28.295711  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51301 -> 195.182.26.70:443
+10/06/2016-13:55:28.342795  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51301
+10/06/2016-13:55:28.579846  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51303 -> 195.182.26.70:443
+10/06/2016-13:55:28.628843  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51303
+10/06/2016-13:55:29.057794  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51305 -> 195.182.26.70:443
+10/06/2016-13:55:29.067345  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51305
+10/06/2016-13:55:30.919653  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51307 -> 195.182.26.70:443
+10/06/2016-13:55:30.967892  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51307
+10/06/2016-13:58:30.794280  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51339 -> 195.182.26.70:443
+10/06/2016-13:58:30.843475  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51339
+10/06/2016-14:14:25.524991  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51087 -> 195.182.26.70:443
+10/06/2016-14:14:25.574540  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51087
+10/06/2016-14:14:25.830298  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51089 -> 195.182.26.70:443
+10/06/2016-14:14:25.879511  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51089
+10/06/2016-14:14:26.072196  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51091 -> 195.182.26.70:443
+10/06/2016-14:14:26.123644  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51091
+10/06/2016-14:14:27.566537  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51093 -> 195.182.26.70:443
+10/06/2016-14:14:27.614581  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51093
+10/06/2016-14:26:04.796851  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 173.194.62.246:80 -> 192.168.0.22:49267
+10/06/2016-15:13:43.419337  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.227.186.144:80 -> 192.168.0.12:49697
+10/06/2016-15:25:42.722773  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 104.84.190.186:80 -> 192.168.0.22:49449
+10/06/2016-17:06:50.928856  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:63778 -> 136.243.39.93:443
+10/06/2016-17:06:50.965275  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 136.243.39.93:443 -> 192.168.0.13:63778
+10/06/2016-17:11:20.543656  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52373 -> 195.182.26.70:443
+10/06/2016-17:11:20.594119  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52373
+10/06/2016-17:11:23.117712  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52377 -> 195.182.26.70:443
+10/06/2016-17:11:23.409590  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52379 -> 195.182.26.70:443
+10/06/2016-17:11:23.165725  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52377
+10/06/2016-17:11:23.456747  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52379
+10/06/2016-17:11:23.706986  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52381 -> 195.182.26.70:443
+10/06/2016-17:11:23.754938  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52381
+10/06/2016-17:11:23.965564  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52383 -> 195.182.26.70:443
+10/06/2016-17:11:24.013870  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52383
+10/06/2016-17:11:26.529664  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52386 -> 195.182.26.70:443
+10/06/2016-17:11:26.579047  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52386
+10/06/2016-17:11:27.193283  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52388 -> 195.182.26.70:443
+10/06/2016-17:11:27.205002  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52388
+10/06/2016-17:11:29.563647  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52390 -> 195.182.26.70:443
+10/06/2016-17:11:29.610961  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52390
+10/06/2016-17:16:05.701318  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52415 -> 195.182.26.70:443
+10/06/2016-17:16:05.748978  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52415
+10/06/2016-18:27:22.260810  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52404 -> 195.182.26.70:443
+10/06/2016-18:27:22.309444  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52404
+10/06/2016-18:27:22.878087  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52406 -> 195.182.26.70:443
+10/06/2016-18:27:23.116603  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52408 -> 195.182.26.70:443
+10/06/2016-18:27:22.929708  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52406
+10/06/2016-18:27:23.166721  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52408
+10/06/2016-18:27:23.395819  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52410 -> 195.182.26.70:443
+10/06/2016-18:27:23.443786  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52410
+10/06/2016-19:03:04.751445  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:49344 -> 216.58.214.130:443
+10/06/2016-19:03:04.754773  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 216.58.214.130:443 -> 192.168.0.13:49344
+10/06/2016-21:31:41.925044  [**] [1:2402000:4200] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 61.240.144.65:42206 -> 192.168.0.5:443
+10/06/2016-21:31:41.925044  [**] [1:2403302:2973] ET CINS Active Threat Intelligence Poor Reputation IP group 3 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 61.240.144.65:42206 -> 192.168.0.5:443
+10/07/2016-04:48:38.031059  [**] [1:2500034:4093] ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 183.129.160.229:811 -> 192.168.0.5:80

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: suricata
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.1
 platform: ruby
 authors:
 - Wolfgang Hotwagner
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-10-11 00:00:00.000000000 Z
+date: 2017-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,13 +71,17 @@ files:
 - bin/console
 - bin/setup
 - exe/check_suricata
+- exe/surilizer.rb
 - lib/suricata.rb
 - lib/suricata/connection.rb
 - lib/suricata/fast.rb
 - lib/suricata/logfile.rb
 - lib/suricata/nagios.rb
+- lib/suricata/surilizer.rb
 - lib/suricata/version.rb
 - misc/fast.log
+- misc/fast.log.1
+- misc/fast.log.2.gz
 - misc/whitelist.txt
 - suricata.gemspec
 homepage: https://github.com/whotwagner/suricata