%YAML 1.1
---

# Suricata configuration file. In addition to the comments describing all
# options in this file, full documentation can be found at:
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml


# Number of packets allowed to be processed simultaneously.  Default is a
# conservative 1024. A higher number will make sure CPUs/CPU cores will be
# more easily kept busy, but may negatively impact caching.
#
# If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules
# apply. In that case try something like 60000 or more. This is because the CUDA
# pattern matcher buffers and scans as many packets as possible in parallel.
#max-pending-packets: 1024

# Runmode the engine should use. Please check --list-runmodes to get the available
# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
# load balancing).
#runmode: autofp

# Specifies the kind of flow load balancer used by the flow pinned autofp mode.
#
# Supported schedulers are:
#
# round-robin       - Flows assigned to threads in a round robin fashion.
# active-packets    - Flows assigned to threads that have the lowest number of
#                     unprocessed packets (default).
# hash              - Flow allotted using the address hash. More of a random
%YAML 1.1
---

# Suricata configuration file. In addition to the comments describing all
# options in this file, full documentation can be found at:
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml


# Number of packets allowed to be processed simultaneously.  Default is a
# conservative 1024. A higher number will make sure CPUs/CPU cores will be
# more easily kept busy, but may negatively impact caching.
#
# If you are using the CUDA pattern matcher (mpm-algo: ac-cuda), different rules
# apply. In that case try something like 60000 or more. This is because the CUDA
# pattern matcher buffers and scans as many packets as possible in parallel.
#max-pending-packets: 1024

# Runmode the engine should use. Please check --list-runmodes to get the available
# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
# load balancing).
#runmode: autofp

# Specifies the kind of flow load balancer used by the flow pinned autofp mode.
#
# Supported schedulers are:
#
# round-robin       - Flows assigned to threads in a round robin fashion.
# active-packets    - Flows assigned to threads that have the lowest number of
#                     unprocessed packets (default).
# hash              - Flow allotted using the address hash. More of a random
[pid 19798] munmap(0xb48d7000, 4096)    = 0
[pid 19798] socket(PF_PACKET, SOCK_RAW, 768) = 7
[pid 19798] ioctl(7, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
[pid 19798] ioctl(7, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:50:56:a2:66:3b}) = 0
[pid 19798] ioctl(7, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=4}) = 0
[pid 19798] bind(7, {sa_family=AF_PACKET, proto=0x03, if4, pkttype=PACKET_HOST, addr(0)={0, }, 20 <unfinished ...>
[pid 19797] <... nanosleep resumed> NULL) = 0
[pid 19797] nanosleep({0, 100000}, NULL) = 0
[pid 19797] nanosleep({0, 100000},  <unfinished ...>
[pid 19798] <... bind resumed> )        = 0
[pid 19798] getsockopt(7, SOL_SOCKET, SO_ERROR <unfinished ...>
[pid 19797] <... nanosleep resumed> NULL) = 0
[pid 19798] <... getsockopt resumed> , [0], [4]) = 0
[pid 19797] nanosleep({0, 100000},  <unfinished ...>
[pid 19798] setsockopt(7, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "\4\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
[pid 19798] setsockopt(7, SOL_PACKET, 0x8 /* PACKET_??? */, [1], 4) = 0
[pid 19798] getsockopt(7, SOL_PACKET, 0xb /* PACKET_??? */, [28], [4]) = 0
[pid 19798] setsockopt(7, SOL_PACKET, 0xa /* PACKET_??? */, [1], 4) = 0
[pid 19798] setsockopt(7, SOL_PACKET, 0xc /* PACKET_??? */, [4], 4) = 0
[pid 19798] setsockopt(7, SOL_PACKET, PACKET_RX_RING, "\0\20\0\0\234\2\0\0 \6\0\0008\5\0\0", 16 <unfinished ...>
[pid 19797] <... nanosleep resumed> NULL) = 0
[pid 19797] nanosleep({0, 100000}, NULL) = 0
[pid 19797] nanosleep({0, 100000},  <unfinished ...>
[pid 19798] <... setsockopt resumed> )  = 0
[pid 19798] mmap2(NULL, 2736128, PROT_READ|PROT_WRITE, MAP_SHARED, 7, 0) = 0xb4464000
[pid 19798] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 8
[pid 19798] ioctl(8, SIOCETHTOOL, 0xb50d607c) = -1 EPERM (Operation not permitted)
[pid 19798] gettimeofday({1396012736, 986289}, NULL) = 0
[pid 19798] write(1, "28/3/2014 -- 14:18:56 - <Warning"..., 14228/3/2014 -- 14:18:56 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get f
eature via ioctl: Operation not permitted (1)
smartctl 5.41 2011-06-09 r3365 [x86_64-linux-3.2.0-60-generic] (local build)
Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model:     Hitachi HDS721010DLE630
Serial Number:    MSE5215V085L7L
LU WWN Device Id: 5 000cca 37cc3b7f2
Firmware Version: MS2OA5Q0
User Capacity:    1.000.204.886.016 bytes [1,00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Sat Mar 29 12:43:51 2014 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x84) Offline data collection activity
                                        was suspended by an interrupting command from host.
                                        Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                ( 7313) seconds.
Offline data collection
[pid 19798] mmap2(NULL, 2736128, PROT_READ|PROT_WRITE, MAP_SHARED, 7, 0) = 0xb4464000
[pid 19798] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 8
[pid 19798] ioctl(8, SIOCETHTOOL, 0xb50d607c) = -1 EPERM (Operation not permitted)
[pid 19798] gettimeofday({1396012736, 986289}, NULL) = 0
[pid 19798] write(1, "28/3/2014 -- 14:18:56 - <Warning"..., 14228/3/2014 -- 14:18:56 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get f
eature via ioctl: Operation not permitted (1)
) = 142
[pid 19798] close(8
getrlimit(RLIMIT_CORE, {rlim_cur=1000000*1024, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
gettimeofday({1396002554, 870004}, NULL) = 0
capget(0x20080522, 0, NULL)             = -1 EINVAL (Invalid argument)
gettid()                                = 21284
prctl(0x8, 0x1, 0, 0, 0)                = 0
capset(0x20080522, 21284, {CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_NET_RAW, CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_NET_RAW, 0}) = -1 EPERM (Operation not permitted)
gettimeofday({1396002554, 870289}, NULL) = 0
write(2, "28/3/2014 -- 11:29:14 - <Error> "..., 11928/3/2014 -- 11:29:14 - <Error> - [ERRCODE: SC_ERR_CHANGING_CAPS_FAILED(157)] - capng_change_id for main thread failed
) = 119
exit_group(1)                           = ?
suricata --build-info
This is Suricata version 2.0 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS 
SIMD support: none
Atomic intrisics: 1 2 4 8 byte(s)
32-bits, Little-endian architecture
GCC version 4.4.6 20110731 (Red Hat 4.4.6-3), C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.10, linked against LibHTP v0.5.10
Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         no
  NFQueue support:                         yes
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     no
  Detection enabled:                       yes

  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      no
  Prelude support:                         no
  PCRE jit:                                no
  libluajit:                               no
  libgeoip:                                no
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
[l.O]
P250:1
MP5A4:1
Bolt Action Rifle:1
556 Ammo:60
9mm Ammo:150

[s.O]
MP5A4:1
P250:1
Shotgun:1
9mm Ammo:150
Shotgun Shells:45

[mod.O]
Silencer:3
Flashlight Mod:3
Holo sight:2

[bow.O]
Hunting Bow:1
Arrow:40

[Ammo.O]
9mm Ammo:150
556 Ammo:150
Shotgun Shells:45

[hs.O]
Cooked Chicken Breast:20
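/**
 * Build the failure payload a controller returns to its caller and write the
 * failure to the winston error log.
 *
 * The stack trace is captured here and goes to the log only; it is never
 * copied onto the returned object.
 *
 * NOTE(review): `message` is both logged and returned unchanged. If callers
 * build it from request data, confirm it is stripped of line breaks before it
 * reaches the log and is safe to show to the client.
 *
 * @param {string} message       Description of the failure.
 * @param {string} [returnField] Name of the result property the caller would
 *                               have filled on success; it is set to null.
 * @param {*}      [id]          Identifier of the affected item, used only in
 *                               the log line.
 * @returns {Object} `{success: false, message: message}` plus
 *                   `returnField: null` when a field name was given.
 */
BaseController.prototype.createError = function(message, returnField, id){
   var error = {success: false, message: message};

   // Without a field name the old code produced a literal "undefined" key on
   // the payload; skip the placeholder in that case.
   if (returnField !== undefined && returnField !== null) {
      error[returnField] = null;
   }

   // 0 is a legitimate identifier and must show up in the log; every other
   // falsy value (undefined, null, "", false, NaN) keeps the "- " placeholder.
   var idLabel = (id || id === 0) ? id : "- ";

   winston.error(message + " - Id: " + idLabel + ": " + new Error().stack);
   return error;
};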
! X resources for rxvt-unicode (urxvt): terminal behaviour, colours, fonts and
! perl extensions. One xterm font setting is mixed in further down.
URxvt.termName:         rxvt-unicode-256color
URxvt.scrollBar:        off
URxvt.jumpScroll:       true
URxvt.secondaryScroll:  true
URxvt.scrollstyle:      plain
URxvt.cursorBlink:      false
! Scrollback kept in memory per terminal; anything printed to the terminal
! (including secrets) stays readable in the buffer until it scrolls out.
URxvt.saveLines:        65535
URxvt.internalBorder:   2
URxvt.loginShell:       true
URxvt.cursorUnderline:  true
URxvt.xftAntialias:     false
URxvt.borderless:       true
URxvt.background:       #000000
URxvt.foreground:       #BEBEBE
! Alternative font choices, left disabled (a leading '!' makes the line a comment).
!URxvt.font:             -*-proggytinysz-medium-*-*-*-10-*-*-*-*-*-*-*
!URxvt.boldFont:         -*-proggytinysz-bold-*-*-*-10-*-*-*-*-*-*-*
!URxvt.font:             -*-*-*-*-*-*-10-*-*-*-*-*-iso10646-1
!URxvt.boldFont:         -*-*-*-*-*-*-10-*-*-*-*-*-iso10646-1
!URxvt.font:             -xos4-terminus-medium-*-*-*-12-*-*-*-*-*-iso10646-1
!URxvt.boldFont:         -xos4-terminus-bold-*-*-*-12-*-*-*-*-*-iso10646-1
! Active font: gohufont at 11 pixels for urxvt; the xterm*faceName line sets
! the same face for xterm and has no effect on urxvt.
URxvt.font:             -*-gohufont-medium-*-*-*-11-*-*-*-*-*-iso10646-1
xterm*faceName:         gohufont:pixelsize=11
URxvt.boldFont:         -*-gohufont-bold-*-*-*-11-*-*-*-*-*-iso10646-1
! Directory urxvt searches for perl extensions. Extensions run inside the
! terminal process, so this path should be writable by root only.
URxvt.perl-lib:         /usr/lib/urxvt/perl/
URxvt.colorUL:          #4682B4
! Extensions loaded in every terminal. confirm-paste asks for confirmation
! before pasting text that contains control characters (e.g. newlines), which
! guards against pasted text executing commands unnoticed.
! NOTE(review): url-select, keyboard-select and clipboard are not part of the
! default extension set; confirm they are installed under perl-lib.
URxvt.perl-ext-common:  default,confirm-paste,url-select,keyboard-select,clipboard
! Command url-select runs to open a chosen URL; the URL text comes from
! terminal output.
URxvt.url-select.launcher:  /usr/bin/firefox-bin -new-tab
URxvt.url-select.underline: true
! Key bindings: Meta-u starts URL selection, Meta-Escape starts keyboard selection.
URxvt.keysym.M-u:       perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate